Published: 06/10/2020 Updated: 07/11/2023

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

The TCOS smart card software driver in OpenSC prior to 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher.

Vulnerable Product	Search on Vulmon	Subscribe to Product
opensc project opensc
fedoraproject fedora 33
debian debian linux 9.0

Debian Bug report logs - #972035 CVE-2020-26572 Package: opensc; Maintainer for opensc is Debian OpenSC Maintainers <pkg-opensc-maint@listsaliothdebianorg>; Source for opensc is src:opensc (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Sun, 11 Oct 2020 17:06:03 UTC Severity: importan ...

OpenSC before 0200-rc1 has an out-of-bounds access of an ASN1 Bitstring in decode_bit_string in libopensc/asn1c (CVE-2019-15945) OpenSC before 0200-rc1 has an out-of-bounds access of an ASN1 Octet string in asn1_decode_entry in libopensc/asn1c (CVE-2019-15946) An issue was discovered in OpenSC through 0190 and 020x through 0200-rc3 ...

The TCOS smart card software driver in OpenSC before 0210-rc1 has a stack-based buffer overflow in tcos_decipher ...

CWE-787 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22967 https://github.com/OpenSC/OpenSC/commit/9d294de90d1cc66956389856e60b6944b27b4817 http://www.openwall.com/lists/oss-security/2020/11/24/4 https://lists.debian.org/debian-lts-announce/2021/11/msg00027.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXOHFDMNMO6IDECAGUTB3SJGAGXVRT6S/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972035 https://nvd.nist.gov https://alas.aws.amazon.com/AL2/ALAS-2023-2262.html

CVE-2020-26572

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect