CVE-2010-4530 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2010-4530 Interim 1 22 2023-02-15T02:32:38Z current 2021-05-30T12:55:09Z 2023-02-15T02:32:38Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2010-4530 Signedness error in ccid_serial.c in libccid in the USB Chip/Smart Card Interface Devices (CCID) driver, as used in pcscd in PCSC-Lite 1.5.3 and possibly other products, allows physically proximate attackers to execute arbitrary code via a smart card with a crafted serial number that causes a negative value to be used in a memcpy operation, which triggers a buffer overflow. NOTE: some sources refer to this issue as an integer overflow. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/opensuse-security-announce/2011-02/msg00001.html E-Mail link for SUSE-SR:2011:003 https://lists.opensuse.org/opensuse-updates/2011-02/msg00000.html E-Mail link for openSUSE-SU-2011:0092-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise Server 15-ESPOS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise Server for SAP Applications 15 openSUSE Tumbleweed pcsc-ccid pcsc-ccid-1.3.8-3.15.1 pcsc-ccid-1.4.14-1.42 pcsc-ccid-1.4.14-1.45 pcsc-ccid-1.4.25-1.1 pcsc-ccid-1.4.25-4.1 pcsc-ccid-1.4.28-1.31 pcsc-lite-1.4.102-1.37.3 pcsc-lite-32bit-1.4.102-1.37.3 pcsc-ccid-1.4.14-1.45 as a component of SUSE Linux Enterprise Desktop 12 pcsc-ccid-1.4.14-1.45 as a component of SUSE Linux Enterprise Desktop 12 SP1 pcsc-ccid-1.4.14-1.45 as a component of SUSE Linux Enterprise Desktop 12 SP2 pcsc-ccid-1.4.25-4.1 as a component of SUSE Linux Enterprise Desktop 12 SP3 pcsc-ccid-1.4.25-4.1 as a component of SUSE Linux Enterprise Desktop 12 SP4 pcsc-ccid-1.4.25-4.1 as a component of SUSE Linux Enterprise High Performance Computing 12 SP5 pcsc-ccid-1.4.28-1.31 as a component of SUSE Linux Enterprise Module for Basesystem 15 pcsc-ccid-1.3.8-3.15.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA pcsc-lite-1.4.102-1.37.3 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA pcsc-lite-32bit-1.4.102-1.37.3 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA pcsc-ccid-1.3.8-3.15.1 as a component of SUSE Linux Enterprise Server 11 SP2 pcsc-ccid-1.3.8-3.15.1 as a component of SUSE Linux Enterprise Server 11 SP3 pcsc-ccid-1.3.8-3.15.1 as a component of SUSE Linux Enterprise Server 11 SP4 pcsc-ccid-1.4.14-1.45 as a component of SUSE Linux Enterprise Server 12 pcsc-ccid-1.4.14-1.45 as a component of SUSE Linux Enterprise Server 12 SP1 pcsc-ccid-1.4.14-1.45 as a component of SUSE Linux Enterprise Server 12 SP2 pcsc-ccid-1.4.25-4.1 as a component of SUSE Linux Enterprise Server 12 SP3 pcsc-ccid-1.4.25-4.1 as a component of SUSE Linux Enterprise Server 12 SP4 pcsc-ccid-1.4.25-4.1 as a component of SUSE Linux Enterprise Server 12 SP5 pcsc-ccid-1.4.14-1.42 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 pcsc-ccid-1.4.25-1.1 as a component of openSUSE Tumbleweed pcsc-ccid as a component of SUSE Linux Enterprise High Performance Computing 15-LTSS pcsc-ccid as a component of SUSE Linux Enterprise Server 15-ESPOS pcsc-ccid as a component of SUSE Linux Enterprise Server 15-LTSS pcsc-ccid as a component of SUSE Linux Enterprise Server for SAP Applications 15 Signedness error in ccid_serial.c in libccid in the USB Chip/Smart Card Interface Devices (CCID) driver, as used in pcscd in PCSC-Lite 1.5.3 and possibly other products, allows physically proximate attackers to execute arbitrary code via a smart card with a crafted serial number that causes a negative value to be used in a memcpy operation, which triggers a buffer overflow. NOTE: some sources refer to this issue as an integer overflow. CVE-2010-4530 SUSE Linux Enterprise Desktop 12:pcsc-ccid-1.4.14-1.45 SUSE Linux Enterprise Desktop 12 SP1:pcsc-ccid-1.4.14-1.45 SUSE Linux Enterprise Desktop 12 SP2:pcsc-ccid-1.4.14-1.45 SUSE Linux Enterprise Desktop 12 SP3:pcsc-ccid-1.4.25-4.1 SUSE Linux Enterprise Desktop 12 SP4:pcsc-ccid-1.4.25-4.1 SUSE Linux Enterprise High Performance Computing 12 SP5:pcsc-ccid-1.4.25-4.1 SUSE Linux Enterprise Module for Basesystem 15:pcsc-ccid-1.4.28-1.31 SUSE Linux Enterprise Server 11 SP1-TERADATA:pcsc-ccid-1.3.8-3.15.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:pcsc-lite-1.4.102-1.37.3 SUSE Linux Enterprise Server 11 SP1-TERADATA:pcsc-lite-32bit-1.4.102-1.37.3 SUSE Linux Enterprise Server 11 SP2:pcsc-ccid-1.3.8-3.15.1 SUSE Linux Enterprise Server 11 SP3:pcsc-ccid-1.3.8-3.15.1 SUSE Linux Enterprise Server 11 SP4:pcsc-ccid-1.3.8-3.15.1 SUSE Linux Enterprise Server 12:pcsc-ccid-1.4.14-1.45 SUSE Linux Enterprise Server 12 SP1:pcsc-ccid-1.4.14-1.45 SUSE Linux Enterprise Server 12 SP2:pcsc-ccid-1.4.14-1.45 SUSE Linux Enterprise Server 12 SP3:pcsc-ccid-1.4.25-4.1 SUSE Linux Enterprise Server 12 SP4:pcsc-ccid-1.4.25-4.1 SUSE Linux Enterprise Server 12 SP5:pcsc-ccid-1.4.25-4.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:pcsc-ccid-1.4.14-1.42 openSUSE Tumbleweed:pcsc-ccid-1.4.25-1.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:pcsc-ccid SUSE Linux Enterprise Server 15-ESPOS:pcsc-ccid SUSE Linux Enterprise Server 15-LTSS:pcsc-ccid SUSE Linux Enterprise Server for SAP Applications 15:pcsc-ccid moderate 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P