Bugzilla – Bug 1150032
VUL-1: CVE-2019-16058: pam_p11: buffer overflow if a smart card creates a signature with a length longer than 256 bytes
Last modified: 2022-09-16 12:43:57 UTC
An issue was discovered in the pam_p11 component 0.2.0 and 0.3.0 for OpenSC. If
a smart card creates a signature with a length longer than 256 bytes, this
triggers a buffer overflow. This may be the case for RSA keys with 4096 bits
depending on the signature scheme.
Tracked as affected both SLE11 and SLE12
This isn't an issue in SLE11 and SLE12.
A buffer with length of 256 is passed to PKCS11_sign() along with a pointer to the variable that holds the length of the buffer. The chain continues to C_Sign() in our opensc package.
Within C_Sign() the actual signature size is retrieved and then compared to the buffer size. If the buffer is too small to hold the signature then an error value is returned and the buffer is unchanged.
C_Sign() checks the buffer size in both:
* opensc-0.11.6 (SLE11) and:
* opensc-0.13.0 (SLE12).
Therefore, both SLE11 and SLE12 are not affected.
Assigning to @security-team
Not affected, closing.