Bugzilla – Bug 1150032
VUL-1: CVE-2019-16058: pam_p11: buffer overflow if a smart card creates a signature with a length longer than 256 bytes
Last modified: 2022-09-16 12:43:57 UTC
CVE-2019-16058 An issue was discovered in the pam_p11 component 0.2.0 and 0.3.0 for OpenSC. If a smart card creates a signature with a length longer than 256 bytes, this triggers a buffer overflow. This may be the case for RSA keys with 4096 bits depending on the signature scheme. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16058 http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16058.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16058 http://www.cvedetails.com/cve/CVE-2019-16058/ https://github.com/OpenSC/pam_p11/commit/d150b60e1e14c261b113f55681419ad1dfa8a76c
Tracked as affected both SLE11 and SLE12
This isn't an issue in SLE11 and SLE12. A buffer with length of 256 is passed to PKCS11_sign() along with a pointer to the variable that holds the length of the buffer. The chain continues to C_Sign() in our opensc package. Within C_Sign() the actual signature size is retrieved and then compared to the buffer size. If the buffer is too small to hold the signature then an error value is returned and the buffer is unchanged. C_Sign() checks the buffer size in both: * opensc-0.11.6 (SLE11) and: * opensc-0.13.0 (SLE12). Therefore, both SLE11 and SLE12 are not affected. Assigning to @security-team
Not affected, closing.