AVG-1298 log

Issue	Severity	Remote	Type	Description
CVE-2020-26572	Medium	No	Arbitrary code execution	The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher.
CVE-2020-26571	Medium	No	Arbitrary code execution	The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init.
CVE-2020-26570	Medium	No	Arbitrary code execution	The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 has a heap-based buffer overflow in sc_oberthur_read_file.

Issue

Severity

Remote

Type

Description

Medium

Arbitrary code execution

The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher.

Medium

Arbitrary code execution

The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init.

Medium

Arbitrary code execution

The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 has a heap-based buffer overflow in sc_oberthur_read_file.

Date	Advisory	Package	Type
26 Nov 2020	ASA-202011-27	opensc	arbitrary code execution

References
https://github.com/OpenSC/OpenSC/releases/tag/0.21.0