CVE-2010-4531

Publication date 18 January 2011

Last updated 24 July 2024

Ubuntu priority

Stack-based buffer overflow in the ATRDecodeAtr function in the Answer-to-Reset (ATR) Handler (atrhandler.c) for pcscd in PCSC-Lite 1.5.3, and possibly other 1.5.x and 1.6.x versions, allows physically proximate attackers to cause a denial of service (crash) and possibly execute arbitrary code via a smart card with an ATR message containing a long attribute value.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
pcsc-lite	11.10 oneiric	Not affected
	11.04 natty	Not affected
	10.10 maverick	Fixed 1.5.5-3ubuntu2.1
	10.04 LTS lucid	Fixed 1.5.3-1ubuntu4.2
	9.10 karmic	Fixed 1.5.3-1ubuntu1.2
	8.04 LTS hardy	Ignored end of life
	6.06 LTS dapper	Ignored end of life

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
pcsc-lite	Upstream: http://lists.alioth.debian.org/pipermail/pcsclite-cvs-commit/2010-November/004923.html

References

Related Ubuntu Security Notices (USN)

USN-1125-1
PCSC-Lite vulnerability
27 April 2011

CVE-2010-4531

Status

Patch details

References

Related Ubuntu Security Notices (USN)

Other references