AVG-1298 log

Package opensc
Status Fixed
Severity Medium
Type arbitrary code execution
Affected 0.20.0-3
Fixed 0.21.0-1
Current 0.22.0-1 [community]
Ticket FS#68195
Created Tue Nov 24 19:06:00 2020
Issue Severity Remote Type Description
CVE-2020-26572 Medium No Arbitrary code execution
The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher.
CVE-2020-26571 Medium No Arbitrary code execution
The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init.
CVE-2020-26570 Medium No Arbitrary code execution
The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 has a heap-based buffer overflow in sc_oberthur_read_file.
Date Advisory Package Type
26 Nov 2020 ASA-202011-27 opensc arbitrary code execution
References
https://github.com/OpenSC/OpenSC/releases/tag/0.21.0