Description
The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6Attack Vector: Local
Complexity: Low
Privileges: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Affected Packages2 packages
Also affects: Debian Linux 9.0, Fedora 33
🔴Vulnerability Details
4OSVopensc vulnerabilities↗2022-06-08 GHSAGHSA-7c8p-jqm5-mj3q: The gemsafe GPK smart card software driver in OpenSC before 0↗2022-05-24 OSVCVE-2020-26571: The gemsafe GPK smart card software driver in OpenSC before 0↗2020-10-06 CVEListCVE-2020-26571: The gemsafe GPK smart card software driver in OpenSC before 0↗2020-10-06 📋Vendor Advisories
4UbuntuOpenSC vulnerabilities↗2022-06-08 MicrosoftThe gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init.↗2020-10-13 Red Hatopensc: stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init↗2020-10-06 DebianCVE-2020-26571: opensc - The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a sta...↗2020 💬Community
3BugzillaCVE-2020-26571 opensc: stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init [epel-6]↗2020-10-07 BugzillaCVE-2020-26571 opensc: stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init↗2020-10-07 BugzillaCVE-2020-26571 opensc: stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init [fedora-all]↗2020-10-07