CVE-2020-26571
published 2020-10-06CVE-2020-26571: The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init.
medium5.5CVSS 3.1
AVLACLPRLUINSUCNINAH
The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | opensc | < opensc 0.21.0-1 (bookworm) | opensc 0.21.0-1 (bookworm) |
| fedoraproject | fedora | — | — |
| msrc | cbl2_opensc_0.22.0-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| opensc_project | opensc | <= 0.20.0 | — |
| opensc_project | opensc | >= 0 < 0.21.0-1 | 0.21.0-1 |
| opensc_project | opensc | >= 0 < 0.21.0-1 | 0.21.0-1 |
| opensc_project | opensc | >= 0 < 0.21.0-1 | 0.21.0-1 |
| opensc_project | opensc | >= 0 < 0.21.0-1 | 0.21.0-1 |
| opensc_project | opensc | >= 0 < 0.15.0-1ubuntu1+esm1 | 0.15.0-1ubuntu1+esm1 |
| opensc_project | opensc | >= 0 < 0.17.0-3ubuntu0.1~esm1 | 0.17.0-3ubuntu0.1~esm1 |
| opensc_project | opensc | >= 0 < 0.20.0-3ubuntu0.1~esm1 | 0.20.0-3ubuntu0.1~esm1 |
CVSS provenance
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
osv6.4MEDIUM