CVE-2020-26570Out-of-bounds Write in Project Opensc

CWE-787Out-of-bounds WriteCWE-122Heap-based Buffer Overflow12 documents9 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 84.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Opensc Project OpenscDebian LinuxFedoraproject Fedora
Timeline
PublishedOct 6
Latest updateJun 8

Description

The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 has a heap-based buffer overflow in sc_oberthur_read_file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

Debianopensc_project/opensc< 0.21.0-1+3

Also affects: Debian Linux 9.0, Fedora 33

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

4
OSV
opensc vulnerabilities2022-06-08
GHSA
GHSA-547v-83cc-5hqg: The Oberthur smart card software driver in OpenSC before 02022-05-24
CVEList
CVE-2020-26570: The Oberthur smart card software driver in OpenSC before 02020-10-06
OSV
CVE-2020-26570: The Oberthur smart card software driver in OpenSC before 02020-10-06

📋Vendor Advisories

4
Ubuntu
OpenSC vulnerabilities2022-06-08
Microsoft
The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 has a heap-based buffer overflow in sc_oberthur_read_file.2020-10-13
Red Hat
opensc: heap-based buffer overflow in sc_oberthur_read_file2020-10-06
Debian
CVE-2020-26570: opensc - The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 has a heap-b...2020

💬Community

3
Bugzilla
CVE-2020-26570 opensc: heap-based buffer overflow in sc_oberthur_read_file2020-10-07
Bugzilla
CVE-2020-26570 opensc: heap-based buffer overflow in sc_oberthur_read_file [fedora-all]2020-10-07
Bugzilla
CVE-2020-26570 opensc: heap-based buffer overflow in sc_oberthur_read_file [epel-6]2020-10-07
CVE-2020-26570 — Out-of-bounds Write in Project Opensc | cvebase