AVG-1298 log
Package | opensc |
Status | Fixed |
Severity | Medium |
Type | arbitrary code execution |
Affected | 0.20.0-3 |
Fixed | 0.21.0-1 |
Current | 0.26.0-3 [extra] |
Ticket | FS#68195 |
Created | Tue Nov 24 19:06:00 2020 |
Issue | Severity | Remote | Type | Description |
---|---|---|---|---|
CVE-2020-26572 | Medium | No | Arbitrary code execution | The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher. |
CVE-2020-26571 | Medium | No | Arbitrary code execution | The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init. |
CVE-2020-26570 | Medium | No | Arbitrary code execution | The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 has a heap-based buffer overflow in sc_oberthur_read_file. |
Date | Advisory | Package | Type |
---|---|---|---|
26 Nov 2020 | ASA-202011-27 | opensc | arbitrary code execution |
References |
---|
https://github.com/OpenSC/OpenSC/releases/tag/0.21.0 |