| CVE-2020-26572 |
AVG-1298 |
Medium |
No |
Arbitrary code execution |
The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher. |
| CVE-2020-26571 |
AVG-1298 |
Medium |
No |
Arbitrary code execution |
The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init. |
| CVE-2020-26570 |
AVG-1298 |
Medium |
No |
Arbitrary code execution |
The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 has a heap-based buffer overflow in sc_oberthur_read_file. |
| CVE-2019-19481 |
AVG-1106 |
Medium |
No |
Denial of service |
An issue was discovered in OpenSC before 0.20.0. libopensc/card-cac1.c mishandles buffer limits for CAC certificates, leading to an out-of- bounds read. |
| CVE-2019-19480 |
AVG-1106 |
Medium |
No |
Denial of service |
An issue was discovered in OpenSC before 0.20.0. libopensc/pkcs15-prkey.c has an incorrect free operation in sc_pkcs15_decode_prkdf_entry. |
| CVE-2019-19479 |
AVG-1106 |
Medium |
No |
Denial of service |
An issue was discovered in OpenSC before 0.20.0. libopensc/card- setcos.c has an incorrect read operation during parsing of a SETCOS file attribute. |
| CVE-2019-15946 |
AVG-1106 |
Medium |
No |
Denial of service |
OpenSC before 0.20.0 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c. |
| CVE-2019-15945 |
AVG-1106 |
Medium |
No |
Denial of service |
OpenSC before 0.20.0 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c. |
| CVE-2019-6502 |
AVG-1106 |
Medium |
No |
Denial of service |
sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from eidenv. |