Published: 06/10/2020 Updated: 07/11/2023

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

The Oberthur smart card software driver in OpenSC prior to 0.21.0-rc1 has a heap-based buffer overflow in sc_oberthur_read_file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
opensc project opensc
fedoraproject fedora 33
debian debian linux 9.0

Debian Bug report logs - #972037 CVE-2020-26570 Package: opensc; Maintainer for opensc is Debian OpenSC Maintainers <pkg-opensc-maint@listsaliothdebianorg>; Source for opensc is src:opensc (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Sun, 11 Oct 2020 17:06:08 UTC Severity: importan ...

OpenSC before 0200-rc1 has an out-of-bounds access of an ASN1 Bitstring in decode_bit_string in libopensc/asn1c (CVE-2019-15945) OpenSC before 0200-rc1 has an out-of-bounds access of an ASN1 Octet string in asn1_decode_entry in libopensc/asn1c (CVE-2019-15946) An issue was discovered in OpenSC through 0190 and 020x through 0200-rc3 ...

The Oberthur smart card software driver in OpenSC before 0210-rc1 has a heap-based buffer overflow in sc_oberthur_read_file ...

CWE-787 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24316 https://github.com/OpenSC/OpenSC/commit/6903aebfddc466d966c7b865fae34572bf3ed23e http://www.openwall.com/lists/oss-security/2020/11/24/4 https://lists.debian.org/debian-lts-announce/2021/11/msg00027.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXOHFDMNMO6IDECAGUTB3SJGAGXVRT6S/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972037 https://nvd.nist.gov https://alas.aws.amazon.com/AL2/ALAS-2023-2262.html

CVE-2020-26570

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect