CVE-2010-4530

Signedness error in ccid_serial.c in libccid in the USB Chip/Smart Card Interface Devices (CCID) driver, as used in pcscd in PCSC-Lite 1.5.3 and possibly other products, allows physically proximate attackers to execute arbitrary code via a smart card with a crafted serial number that causes a negative value to be used in a memcpy operation, which triggers a buffer overflow. NOTE: some sources refer to this issue as an integer overflow.

公开: 2011-01-18 最后更新: 2026-06-16 分配方: [email protected] 来源: [email protected]

结论预警: CVE-2010-4530 综合评估为低风险(32.3/100):CVSS 技术影响为中级,利用概率偏低(EPSS 0.54%) 强制指令: 持续跟踪利用情报与 EPSS 变化,并适时复评优先级。

风险随态势动态变化;本站持续评估并同步更新本页展示内容。

CVE-2010-4530 的 EPSS(利用预测评分)

EPSS 日更估计相对被利用可能性;百分位表示该 CVE 在已评分漏洞中的相对排名(越高表示相对更严重)。

# 日期 旧 EPSS 分数 新 EPSS 分数 变化(新 − 旧)
1 2026-06-15 0.25% 0.54% +0.30%
2 2025-03-30 0.27% 0.25% -0.03%
3 2025-03-29 0.27%

完整 EPSS 历史 (共 8 条)

CVE-2010-4530 的 CVSS 指标

该 CVE 的 CVSS 指标。

底座分 版本 严重度 向量 可利用性 影响 分数来源
4.4 2.0 MEDIUM
AV:L/AC:M/Au:N/C:P/I:P/A:P 点击展开
访问路径 (AV:L)
需本地登录或本机交互,远程触达不足以单独完成利用。
访问复杂度 (AC:M)
需要若干有利条件,但不至于“千年一遇”。
认证 (AU:N)
全程无需有效身份。
机密性影响 (C:P)
机密性受到部分损害。
完整性影响 (I:P)
完整性受到部分损害。
可用性影响 (A:P)
可用性受到部分损害。
3.4 6.4 [email protected]

CVE-2010-4530 的弱点枚举

CVE-2010-4530 的 OS 跟踪

vendor priority summary link
debian unimportant CVE-2010-4530 unimportant priority: Debian including 1 source packages (ccid), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. https://security-tracker.debian.org/tracker/CVE-2010-4530
gentoo high CVE-2010-4530: 1 GLSA(s) (201401-16), 1 atom(s) (app-crypt/ccid); latest impact high. https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2010-4530
redhat low https://access.redhat.com/security/cve/CVE-2010-4530
suse medium CVE-2010-4530 severity moderate: SUSE including 12 source package names (pcsc-ccid, pcsc-ccid-1.3.8-3.15.1, …), 29 product×package rows across 27 product lines (SUSE Linux Enterprise Desktop 12, SUSE Linux Enterprise Desktop 12 SP1, … (27 product lines)): Fixed 25, Known Not Affected 4. https://www.suse.com/security/cve/CVE-2010-4530/
ubuntu medium CVE-2010-4530 medium priority: Ubuntu including 1 source packages (ccid), 22 status rows across 22 suites (artful, bionic, cosmic, dapper, hardy, karmic, lucid, maverick, natty, oneiric, precise, quantal, raring, saucy, trusty, upstream, utopic, vivid, wily, xenial, yakkety, zesty): ignored 17, not-affected 3, DNE 1, released 1. https://ubuntu.com/security/CVE-2010-4530

CVE-2010-4530 的影响软件 / 配置

厂商 产品 版本 原始 CPE
muscle pcsc-lite 1.5.3 cpe:2.3:a:muscle:pcsc-lite:1.5.3:*:*:*:*:*:*:*

CVE-2010-4530 的参考链接

URL 标签
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-libccid-buffer-overflow_2010-12-13.pdf Patch
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053076.html Patch
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053097.html Patch
http://rhn.redhat.com/errata/RHSA-2013-1323.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:014
http://www.openwall.com/lists/oss-security/2010/12/22/7
http://www.openwall.com/lists/oss-security/2011/01/03/3
http://www.securityfocus.com/bid/45806
http://www.vupen.com/english/advisories/2011/0100 Vendor Advisory
http://www.vupen.com/english/advisories/2011/0179
https://bugzilla.redhat.com/show_bug.cgi?id=664986 Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/64961
cvelogic Threat Intelligence