CVE-2026-40510
Analyzed - Analysis Complete
Stack Buffer Overflow in OpenSC PIV Smart Card

Publication date: 2026-05-29

Last updated on: 2026-06-03

Assigner: VulnCheck

Description
OpenSC before 0.27.0-rc1, fixed in commit 3f24f0b, contains a stack buffer overflow vulnerability in piv_process_history() in src/libopensc/card-piv.c that allows physically present attackers to trigger memory corruption by presenting a crafted PIV smart card or USB device returning a URL field longer than 118 bytes in the Key History Object ASN.1 response.
Meta Information
Published: 2026-05-29
Last Modified: 2026-06-03
Generated: 2026-06-19
AI Q&A: 2026-05-29
EPSS Evaluated: 2026-06-18
Affected Vendors & Products
Vendor: opensc_project
Product: opensc
Version / Range: up to 0.27.0 (exclusive)
CWE ID: CWE-121
Description: A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Impact Analysis

The impact of this vulnerability is considered low severity, with a CVSS v4 base score of 1.0.

An attacker must be physically present and present a maliciously crafted PIV smart card or USB device to trigger the vulnerability.

Successful exploitation could lead to memory corruption, which might cause application crashes or unpredictable behavior in the OpenSC software.

However, there is no indication from the provided information that this vulnerability allows remote code execution or privilege escalation.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

This vulnerability is a stack buffer overflow in OpenSC versions before 0.27.0-rc1, specifically in the piv_process_history() function within the card-piv.c source file.

It occurs when a physically present attacker presents a specially crafted PIV smart card or USB device that returns a Key History Object ASN.1 response containing a URL field longer than 118 bytes.

This causes memory corruption due to the buffer overflow, potentially leading to unexpected behavior or crashes.

The issue was fixed by validating the filename derived from the URL to ensure it is exactly 64 characters long and contains only valid hexadecimal digits, preventing the overflow.

Detection Guidance

This vulnerability is triggered when a physically present attacker presents a maliciously crafted PIV smart card or USB device that returns a Key History Object ASN.1 response with a URL field longer than 118 bytes.

Detection involves verifying the version of OpenSC installed and checking for the presence of the vulnerable piv_process_history() function handling unvalidated URL fields.

You can detect if your OpenSC version is vulnerable by checking the installed version with the command:

  • opensc-tool --version

If the version is before 0.27.0-rc1, it is vulnerable.

To detect attempts to exploit this vulnerability, monitor logs or system behavior when a PIV smart card or USB device is inserted, especially if it returns unusually long URL fields in the Key History Object.

There are no specific commands provided in the resources to detect crafted payloads or malformed URL fields directly.

Mitigation Strategies

The primary mitigation step is to upgrade OpenSC to version 0.27.0-rc1 or later, where the vulnerability has been fixed.

The fix involves validating the filename derived from the URL in the Key History Object to ensure it is exactly 64 characters long and contains only valid hexadecimal digits, preventing buffer overflow.

Until the upgrade can be applied, avoid using untrusted or unknown PIV smart cards or USB devices that could trigger the vulnerability.

Review and apply the security patch from commit 3f24f0b if you maintain a custom build of OpenSC.
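
The check the fix is described as performing (exactly 64 hexadecimal characters, verified before anything is copied) can be sketched as below. This is an added example, not OpenSC's code and not the patch from commit 3f24f0b; the function name, the sample URL, and the assumption that the filename is the text after the last '/' in the URL are illustrative.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define NAME_LEN 64 /* page: filename must be exactly 64 hex characters */

/* Hypothetical helper, not OpenSC's function. url is the length-delimited
 * (not NUL-terminated) URL value read from the card. Assumption: the
 * filename is the text after the last '/'. Copies it to out only when it
 * is exactly 64 hex digits. Returns 0 on success, -1 on rejection. */
int history_filename_from_url(const unsigned char *url, size_t url_len,
                              char *out, size_t out_size)
{
    const unsigned char *name = url;
    size_t i, name_len;

    if (out == NULL || out_size == 0)
        return -1;
    out[0] = '\0';                      /* never leave out uninitialised */
    if (url == NULL || out_size < NAME_LEN + 1)
        return -1;
    for (i = 0; i < url_len; i++)       /* scan only the declared length */
        if (url[i] == '/')
            name = url + i + 1;
    name_len = url_len - (size_t)(name - url);
    if (name_len != NAME_LEN)           /* reject before any copy */
        return -1;
    for (i = 0; i < name_len; i++)
        if (!isxdigit(name[i]))
            return -1;
    memcpy(out, name, name_len);
    out[name_len] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed input: a 200-byte URL value, longer than the 118 bytes
     * the advisory names as the overflow threshold. */
    unsigned char url[200];
    char name[NAME_LEN + 1];

    memset(url, 'a', sizeof url);
    memcpy(url, "http://example.test/", 20);
    printf("oversized URL: %s\n",
           history_filename_from_url(url, sizeof url, name, sizeof name) ? "rejected" : "accepted");
    return 0;
}
```

Because the length test runs against the card-supplied length before `memcpy`, the size of the write is fixed by the constant and never by data from the card.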
