Description
OpenSC before 0.20.0 has a double free in coolkey_free_private_data because coolkey_add_object in libopensc/card-coolkey.c lacks a uniqueness check.
References (3)
Core 3
Core References
Exploit, Third Party Advisory x_refsource_misc
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19208
Patch, Third Party Advisory x_refsource_misc
https://github.com/OpenSC/OpenSC/commit/c246f6f69a749d4f68626b40795a4f69168008f4
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/OpenSC/OpenSC/compare/0.19.0...0.20.0
Scores
CVSS v3
6.8
EPSS
0.0016
EPSS Percentile
37.1%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-415
Status
published
Products (1)
opensc_project/opensc
< 0.20.0
Published
Apr 29, 2020
Tracked Since
Feb 18, 2026