Bug 1214591 (CVE-2021-34193)

Summary: VUL-0: CVE-2021-34193: opensc: stack overflow via crafted responses to APDUs
Product: [Novell Products] SUSE Security Incidents
Reporter: Alexander Bergmann <abergmann>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED INVALID
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: abergmann, security-team, stoyan.manolov
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/376006/
Whiteboard: CVSSv3.1:SUSE:CVE-2021-34193:4.3:(AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Comment 1 Alexander Bergmann 2023-08-24 15:22:19 UTC
Question to upstream about the situation:

https://github.com/OpenSC/OpenSC/issues/2841

Comment 2 Otto Hollmann 2023-09-04 14:06:13 UTC
As discussed upstream, this issue is a duplicate of the following CVEs:
CVE-2021-42778 opensc: Heap double free in sc_pkcs15_free_tokeninfo
CVE-2021-42779 opensc: Heap use after free in sc_file_valid
CVE-2021-42780 opensc: Use after return in insert_pin function
CVE-2021-42781 opensc: Heap buffer overflow in pkcs15-oberthur.c
CVE-2021-42782 opensc: Stack buffer overflow issues in various places

All of them are already fixed in our codestreams, so I suggest closing this issue as invalid.

Upstream comment:
> https://github.com/OpenSC/OpenSC/issues/2841#issuecomment-1700853357