Stack-based Buffer Overflow in TCOS Smart Card Software Driver from OpenSC
CVE-2020-26572

5.5 MEDIUM

Key Information:

CVE Published: 6 October 2020

What is CVE-2020-26572?

A stack-based buffer overflow exists in the TCOS smart card software driver in OpenSC versions before 0.21.0-rc1, which can lead to unauthorized access and potential system compromise. The flaw arises from improper handling within the tcos_decipher function and could allow an attacker to execute arbitrary code. Users and administrators are advised to upgrade to the latest version to mitigate the risk from this vulnerability.

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged