[3.2] pcsc-lite: Use-after-free of cardsList due to SCardReleaseContext invocations (CVE-2016-10109)
The SCardReleaseContext function normally releases resources associated
with the given handle (including “cardsList”) and clients should cease
using this handle.
A malicious client can, however, make the daemon invoke
SCardReleaseContext and continue issuing other commands that use
“cardsList”, resulting in a use-after-free.
When SCardReleaseContext is invoked multiple times, it additionally
results in a double-free of “cardsList”.
Affected Versions:
PCSC-Lite >= 1.6.0, < 1.8.20
Fixed In Version:
pcsc-lite 1.8.20
Reference:
http://seclists.org/oss-sec/2017/q1/18
Patch:
(from redmine: issue id 6633, created on 2017-01-05, closed on 2017-01-06)
- Relations:
  - parent #6629 (closed)
- Changesets:
  - Revision 0e08b80a by Timo Teräs on 2017-01-06T08:39:47Z:
    main/pcsc-lite: security upgrade to 1.8.20 (CVE-2016-10109)
    fixes #6633
    remove unneeded patch (upstream fixed issue)
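
The release-then-reuse pattern described in the advisory above, as an added C example that is not pcsc-lite's code or its upstream fix. It assumes a hypothetical per-client context (`client_ctx`, `ctx_establish`, `ctx_release`, `ctx_add_card` and the `RC_*` codes are made-up names) in which release clears the list pointer and marks the context dead, so later commands and repeated releases are rejected instead of touching freed memory.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical model of a daemon's per-client state; not pcsc-lite code. */
enum { RC_OK = 0, RC_INVALID_HANDLE = -1, RC_NO_MEMORY = -2 };

struct client_ctx {
    int *cards_list;   /* stands in for the per-context "cardsList" */
    size_t n_cards;
    int released;      /* set once the client has released the context */
};

int ctx_establish(struct client_ctx *c, size_t n)
{
    c->cards_list = calloc(n, sizeof *c->cards_list);
    if (c->cards_list == NULL)
        return RC_NO_MEMORY;
    c->n_cards = n;
    c->released = 0;
    return RC_OK;
}

/* A repeated release is rejected before free() is reached (no double-free). */
int ctx_release(struct client_ctx *c)
{
    if (c->released)
        return RC_INVALID_HANDLE;
    free(c->cards_list);
    c->cards_list = NULL;   /* leave no dangling pointer behind */
    c->n_cards = 0;
    c->released = 1;
    return RC_OK;
}

/* Every command that touches the list checks the context state first. */
int ctx_add_card(struct client_ctx *c, size_t slot, int handle)
{
    if (c->released || c->cards_list == NULL || slot >= c->n_cards)
        return RC_INVALID_HANDLE;
    c->cards_list[slot] = handle;
    return RC_OK;
}

int main(void)
{
    struct client_ctx c;
    if (ctx_establish(&c, 4) != RC_OK) return 1;
    ctx_release(&c);
    printf("%d %d\n", ctx_add_card(&c, 0, 1), ctx_release(&c));
    return 0;
}
```

Building a model like this with `-fsanitize=address` and removing the state checks is a quick way to confirm that a test suite actually exercises the post-release path.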