Fluid Attacks Database

Description

Multiple buffer overflows in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 allow local users to gain privileges via crafted message data, which is improperly demarshalled.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel5	pcsc-lite	<0:1.4.4-4.el5_5	0:1.4.4-4.el5_5
debian 11	pcsc-lite	>=0 <1.5.4-1	1.5.4-1
debian 12	pcsc-lite	>=0 <1.5.4-1	1.5.4-1
debian 13	pcsc-lite	>=0 <1.5.4-1	1.5.4-1
debian 14	pcsc-lite	>=0 <1.5.4-1	1.5.4-1
rpm rhel6	pcsc-lite	-	-

Aliases

1. CVE-2010-04072. NVD-2010-04073. OSV-2010-04074. OSV-DEBIAN-2010-04075. SECURITY-TRACKER-CVE-2010-0407

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.