ID CVE-2020-26571
Summary The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init.
References
Vulnerable Configurations
  • cpe:2.3:a:opensc_project:opensc:0.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:opensc_project:opensc:0.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:opensc_project:opensc:0.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:opensc_project:opensc:0.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.12.2:*:*:*:*:*:*:*
    cpe:2.3:a:opensc_project:opensc:0.12.2:*:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.12.2:rc1:*:*:*:*:*:*
    cpe:2.3:a:opensc_project:opensc:0.12.2:rc1:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.13.0:*:*:*:*:*:*:*
    cpe:2.3:a:opensc_project:opensc:0.13.0:*:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.13.0:-:*:*:*:*:*:*
    cpe:2.3:a:opensc_project:opensc:0.13.0:-:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.13.0:prerelease1:*:*:*:*:*:*
    cpe:2.3:a:opensc_project:opensc:0.13.0:prerelease1:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.13.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:opensc_project:opensc:0.13.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.14.0:*:*:*:*:*:*:*
    cpe:2.3:a:opensc_project:opensc:0.14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.14.0:-:*:*:*:*:*:*
    cpe:2.3:a:opensc_project:opensc:0.14.0:-:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.14.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:opensc_project:opensc:0.14.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.15.0:*:*:*:*:*:*:*
    cpe:2.3:a:opensc_project:opensc:0.15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.15.0:-:*:*:*:*:*:*
    cpe:2.3:a:opensc_project:opensc:0.15.0:-:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.15.0:prerelease1:*:*:*:*:*:*
    cpe:2.3:a:opensc_project:opensc:0.15.0:prerelease1:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.15.0:prerelease2:*:*:*:*:*:*
    cpe:2.3:a:opensc_project:opensc:0.15.0:prerelease2:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.15.0:prerelease3:*:*:*:*:*:*
    cpe:2.3:a:opensc_project:opensc:0.15.0:prerelease3:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.16.0:*:*:*:*:*:*:*
    cpe:2.3:a:opensc_project:opensc:0.16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.16.0:-:*:*:*:*:*:*
    cpe:2.3:a:opensc_project:opensc:0.16.0:-:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.16.0:prerelease1:*:*:*:*:*:*
    cpe:2.3:a:opensc_project:opensc:0.16.0:prerelease1:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.16.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:opensc_project:opensc:0.16.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.16.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:opensc_project:opensc:0.16.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.17.0:*:*:*:*:*:*:*
    cpe:2.3:a:opensc_project:opensc:0.17.0:*:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.17.0:-:*:*:*:*:*:*
    cpe:2.3:a:opensc_project:opensc:0.17.0:-:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.17.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:opensc_project:opensc:0.17.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.17.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:opensc_project:opensc:0.17.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.18.0:*:*:*:*:*:*:*
    cpe:2.3:a:opensc_project:opensc:0.18.0:*:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.18.0:-:*:*:*:*:*:*
    cpe:2.3:a:opensc_project:opensc:0.18.0:-:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.18.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:opensc_project:opensc:0.18.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.18.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:opensc_project:opensc:0.18.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.19.0:*:*:*:*:*:*:*
    cpe:2.3:a:opensc_project:opensc:0.19.0:*:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.19.0:-:*:*:*:*:*:*
    cpe:2.3:a:opensc_project:opensc:0.19.0:-:*:*:*:*:*:*
  • cpe:2.3:a:opensc_project:opensc:0.19.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:opensc_project:opensc:0.19.0:rc1:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 30-11-2021 - 19:43)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:N/A:P
refmap via4
fedora FEDORA-2020-7c80831ffe
misc https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20612
mlist [oss-security] 20201124 OpenSC 0.21.0 released
Last major update 30-11-2021 - 19:43
Published 06-10-2020 - 02:15
Last modified 30-11-2021 - 19:43
Back to Top