CVE-2020-26572Out-of-bounds Write in Project Opensc

CWE-787Out-of-bounds WriteCWE-121Stack-based Buffer Overflow12 documents9 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 84.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Opensc Project OpenscDebian LinuxFedoraproject Fedora
Timeline
PublishedOct 6
Latest updateJun 8

Description

The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

Debianopensc_project/opensc< 0.21.0-1+3

Also affects: Debian Linux 9.0, Fedora 33

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

4
OSV
opensc vulnerabilities2022-06-08
GHSA
GHSA-h2m7-5hj2-cj6c: The TCOS smart card software driver in OpenSC before 02022-05-24
OSV
CVE-2020-26572: The TCOS smart card software driver in OpenSC before 02020-10-06
CVEList
CVE-2020-26572: The TCOS smart card software driver in OpenSC before 02020-10-06

📋Vendor Advisories

4
Ubuntu
OpenSC vulnerabilities2022-06-08
Microsoft
The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher.2020-10-13
Red Hat
opensc: stack-based buffer overflow in tcos_decipher2020-10-06
Debian
CVE-2020-26572: opensc - The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-base...2020

💬Community

3
Bugzilla
CVE-2020-26572 opensc: stack-based buffer overflow in tcos_decipher2020-10-07
Bugzilla
CVE-2020-26572 opensc: stack-based buffer overflow in tcos_decipher [fedora-all]2020-10-07
Bugzilla
CVE-2020-26572 opensc: stack-based buffer overflow in tcos_decipher [epel-6]2020-10-07
CVE-2020-26572 — Out-of-bounds Write in Project Opensc | cvebase