Executive Summary

Name : CVE-2010-4530
Vendor : Cve
First vendor Publication : 2011-01-18
Last vendor Modification : 2023-11-07

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score : NA
Base Score : NA
Environmental Score : NA
Impact Sub Score : NA
Temporal Score : NA
Exploitability Sub Score : NA

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score : 4.4
Cvss Impact Score : 6.4
Cvss Exploit Score : 3.4
Attack Range : Local
Attack Complexity : Medium
Authentication : None Required


Signedness error in ccid_serial.c in libccid in the USB Chip/Smart Card Interface Devices (CCID) driver, as used in pcscd in PCSC-Lite 1.5.3 and possibly other products, allows physically proximate attackers to execute arbitrary code via a smart card with a crafted serial number that causes a negative value to be used in a memcpy operation, which triggers a buffer overflow. NOTE: some sources refer to this issue as an integer overflow.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4530

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-189 Numeric Errors (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Application 1

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/45806
CONFIRM http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053076...
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2011:014
MISC http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-libccid-buffer-ove...
MLIST http://www.openwall.com/lists/oss-security/2010/12/22/7
REDHAT http://rhn.redhat.com/errata/RHSA-2013-1323.html
VUPEN http://www.vupen.com/english/advisories/2011/0100
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/64961

