{"id":"CVE-2019-20792","details":"OpenSC before 0.20.0 has a double free in coolkey_free_private_data because coolkey_add_object in libopensc/card-coolkey.c lacks a uniqueness check.","modified":"2026-04-11T09:39:55.772539Z","published":"2020-04-29T04:15:17.170Z","related":["SUSE-SU-2021:1168-1","SUSE-SU-2022:1041-1","openSUSE-SU-2021:0565-1","openSUSE-SU-2024:11643-1"],"references":[{"type":"ADVISORY","url":"https://github.com/OpenSC/OpenSC/compare/0.19.0...0.20.0"},{"type":"FIX","url":"https://github.com/OpenSC/OpenSC/commit/c246f6f69a749d4f68626b40795a4f69168008f4"},{"type":"EVIDENCE","url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19208"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/opensc/opensc","events":[{"introduced":"0"},{"fixed":"45e29056ccde422e70ed3585084a7f150c632515"},{"fixed":"c246f6f69a749d4f68626b40795a4f69168008f4"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.20.0"}]}}],"versions":["0.12.2","0.12.2-rc1","0.13.0","0.13.0pre1","0.13.0rc1","0.14.0","0.14.0rc2","0.14.0rtm","0.15.0","0.16.0","0.17.0","0.17.0-rc1","0.17.0-rc2","0.18.0","0.18.0-rc1","0.18.0-rc2","0.19.0","0.19.0-rc1","0.20.0-rc1","0.20.0-rc2","0.20.0-rc3","0.20.0-rc4","v0.12.2","v0.16.0-pre1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-20792.json","vanir_signatures":[{"source":"https://github.com/opensc/opensc/commit/45e29056ccde422e70ed3585084a7f150c632515","id":"CVE-2019-20792-0e4109b3","signature_type":"Function","signature_version":"v1","digest":{"length":2619,"function_hash":"293648382138511495160968861622353662031"},"target":{"file":"src/tests/fuzzing/fuzz_pkcs15_reader.c","function":"LLVMFuzzerTestOneInput"},"deprecated":false},{"source":"https://github.com/opensc/opensc/commit/c246f6f69a749d4f68626b40795a4f69168008f4","id":"CVE-2019-20792-3c6d3c4a","signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["230985030794508757992760968719559967350","310435344726459438381937301013045244530","288673917574911987998876666203952460375"]},"target":{"file":"src/libopensc/card-coolkey.c"},"deprecated":false},{"source":"https://github.com/opensc/opensc/commit/45e29056ccde422e70ed3585084a7f150c632515","id":"CVE-2019-20792-775a11f1","signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["194062470009936436447945246988331101219","251408580405775135383116960595976968951","284045830406911495116073497720354821007","270953615497185537070235313685442968422","20393014985081258602878277868967455511","91070933187673124866303201171236791528","240044258610078274294209636274322753269","302641261595298239604372272751171178922"]},"target":{"file":"src/tests/fuzzing/fuzz_pkcs15_reader.c"},"deprecated":false},{"source":"https://github.com/opensc/opensc/commit/c246f6f69a749d4f68626b40795a4f69168008f4","id":"CVE-2019-20792-f5fba478","signature_type":"Function","signature_version":"v1","digest":{"length":716,"function_hash":"81983556100758335818887154183925867305"},"target":{"file":"src/libopensc/card-coolkey.c","function":"coolkey_add_object"},"deprecated":false}],"vanir_signatures_modified":"2026-04-11T09:39:55Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}