CVE-2010-4531
PUBLISHED
CVSS 4.4 MEDIUM
Stack-based buffer overflow in the ATRDecodeAtr function in the Answer-to-Reset (ATR) Handler (atrhandler.c) for pcscd in PCSC-Lite 1.5.3, and possibly other 1.5.x and 1.6.x versions, allows physically proximate attackers to cause a denial of service (crash) and possibly execute arbitrary code via a smart card with an ATR message containing a long attribute value.
EPSS 0.28% · 51.3th percentile
Risk Scores
- CVSS 2.0: 4.4
- EPSS Score: 0.28% (51.3th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| muscle | pcsc-lite | 1.5.3 |
Exploit Intelligence
- FEDORA-2011-0123 (circl)
- ADV-2011-0180 (circl)
- FEDORA-2011-0164 (circl)
- http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-atr-handler-buffer-overflow_2010-12-13.pdf (circl)
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607781 (circl)
- [oss-security] 20101222 CVE Request -- 1, ccid -- int.overflow leading to array index error 2, pcsc-lite stack-based buffer overflow in ATR decoder [was: CVE request: opensc buffer overflow ] (circl)
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4531 (circl)
- 42912 (circl)
- ADV-2011-0256 (circl)
- ADV-2011-0101 (circl)
…and 7 more exploits
Timeline
- Jan 18, 2011 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 3, 2023 EPSS Score
- Feb 9, 2023 EPSS Score
- Feb 13, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
References
- FEDORA-2011-0123 vendor-advisory
- ADV-2011-0180 vdb
- FEDORA-2011-0164 vendor-advisory
- http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-atr-handler-buffer-overflow_2010-12-13.pdf url
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607781 url
- [oss-security] 20101222 CVE Request -- 1, ccid -- int.overflow leading to array index error 2, pcsc-lite stack-based buffer overflow in ATR decoder [was: CVE request: opensc buffer overflow ] mailing-list
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4531 url
- 42912 third-party-advisory
- ADV-2011-0256 vdb
- ADV-2011-0101 vdb
- ADV-2010-3264 vdb
- [Pcsclite-cvs-commit] 20101103 r5370 - /trunk/PCSC/src/atrhandler.c mailing-list
- 43112 third-party-advisory
- 45450 vdb
- [oss-security] 20110103 Re: CVE Request -- 1, ccid -- int.overflow leading to array index error 2, pcsc-lite stack-based buffer overflow in ATR decoder [was: CVE request: opensc buffer overflow ] mailing-list
- DSA-2156 vendor-advisory
- MDVSA-2011:015 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2010-4531 advisory
- https://access.redhat.com/errata/RHSA-2013:0525 url
- https://access.redhat.com/security/cve/CVE-2010-4531 url
…and 1 more