Endless Recursion Vulnerability in iasecc_select_file in OpenSC

CVE-2018-16426 · LOW Severity

AV:L/AC:L/AU:N/C:N/I:N/A:P

Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or crash the opensc library using programs.

Learn more about our Web Application Penetration Testing UK.