Published: 06/10/2020 Updated: 12/12/2020
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The TCOS smart card software driver in OpenSC prior to 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

opensc project opensc

Vendor Advisories

Debian Bug report logs - #972035 CVE-2020-26572 Package: opensc; Maintainer for opensc is Debian OpenSC Maintainers <pkg-opensc-maint@listsaliothdebianorg>; Source for opensc is src:opensc (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Sun, 11 Oct 2020 17:06:03 UTC Severity: importan ...
The TCOS smart card software driver in OpenSC before 0210-rc1 has a stack-based buffer overflow in tcos_decipher ...
Arch Linux Security Advisory ASA-202011-27 ========================================== Severity: Medium Date : 2020-11-26 CVE-ID : CVE-2020-26570 CVE-2020-26571 CVE-2020-26572 Package : opensc Type : arbitrary code execution Remote : No Link : securityarchlinuxorg/AVG-1298 Summary ======= The package opensc before version 02 ...

Mailing Lists

Hi all! I'm happy to finally announce the new release 0210 of OpenSC <githubcom/OpenSC/OpenSC/releases/tag/0210> You can read a full summary of the changes and get the release binaries on GitHub We recommend upgrading your installation, most notably for fixing CVE-2020-26570, CVE-2020-26571 and CVE-2020-26572 We've not only ...