CVE-2010-4523

Description

Multiple stack-based buffer overflows in libopensc in OpenSC 0.11.13 and earlier allow physically proximate attackers to execute arbitrary code via a long serial-number field on a smart card, related to (1) card-acos5.c, (2) card-atrust-acos.c, and (3) card-starcos.c.

How to fix CVE-2010-4523

To remediate CVE-2010-4523, upgrade the affected package to a fixed version below.

• Debian/opensc—upgrade to 0.11.13-1.1 or later

Is CVE-2010-4523 being exploited?

Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 0.11.13-1.1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2010-4523