← Back

CVE-2009-4901

nvd nist
Published: Jun 18, 2010Modified: Apr 29, 2026

JSON object

Loading...
2.1
Vector
AV:L/AC:L/Au:N/C:N/I:N/A:P
Exploitability: 3.9 / Impact: 2.9
Source: NVD

Description

The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service (daemon crash) via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read, a related issue to CVE-2010-0407.

Affected (35)

Products: Muscle: Pcsc Lite
Muscle
1 product
Pcsc Lite
Configuration A
35 vulnerable
Vulnerable SoftwareAffected Versions
Muscle
Pcsc Lite
Up to 1.5.3
Pcsc Lite
Version 1.1.2 beta2
Pcsc Lite
Version 1.1.2 beta3
Pcsc Lite
Version 1.1.2 beta4
Pcsc Lite
Version 1.1.2 beta5
Pcsc Lite
Version 1.2.0
Pcsc Lite
Version 1.2.0 rc1
Pcsc Lite
Version 1.2.0 rc2
Pcsc Lite
Version 1.2.0 rc3
Pcsc Lite
Version 1.2.9 beta10
Pcsc Lite
Version 1.2.9 beta1
Pcsc Lite
Version 1.2.9 beta2
Pcsc Lite
Version 1.2.9 beta3
Pcsc Lite
Version 1.2.9 beta4
Pcsc Lite
Version 1.2.9 beta5
Pcsc Lite
Version 1.2.9 beta6
Pcsc Lite
Version 1.2.9 beta7
Pcsc Lite
Version 1.2.9 beta8
Pcsc Lite
Version 1.2.9 beta9
Pcsc Lite
Version 1.3.0
Pcsc Lite
Version 1.3.1
Pcsc Lite
Version 1.3.2
Pcsc Lite
Version 1.3.3
Pcsc Lite
Version 1.4.0
Pcsc Lite
Version 1.4.100
Pcsc Lite
Version 1.4.101
Pcsc Lite
Version 1.4.102
Pcsc Lite
Version 1.4.1
Pcsc Lite
Version 1.4.2
Pcsc Lite
Version 1.4.3
Pcsc Lite
Version 1.4.4
Pcsc Lite
Version 1.4.99
Pcsc Lite
Version 1.5.0
Pcsc Lite
Version 1.5.1
Pcsc Lite
Version 1.5.2

Related CWEs

CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (22)

Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Patch
Source: cve@mitre.org
Patch
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Patch

Timeline

No history available yet.