CVE-2020-26572
- Source
- https://cve.org/CVERecord?id=CVE-2020-26572
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-26572.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-26572
- Downstream
- Related
- Published
- 2020-10-06T02:15:13.130Z
- Modified
- 2026-02-04T23:13:52.601127Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher.
- References
-
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXOHFDMNMO6IDECAGUTB3SJGAGXVRT6S/
- http://www.openwall.com/lists/oss-security/2020/11/24/4
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22967
- https://github.com/OpenSC/OpenSC/commit/9d294de90d1cc66956389856e60b6944b27b4817
- https://lists.debian.org/debian-lts-announce/2021/11/msg00027.html
- https://github.com/OpenSC/OpenSC/commit/9d294de90d1cc66956389856e60b6944b27b4817
- http://www.openwall.com/lists/oss-security/2020/11/24/4
- https://lists.debian.org/debian-lts-announce/2021/11/msg00027.html
Affected packages
Git / github.com/opensc/opensc
Affected ranges
- Type
- GIT
- Repo
- https://github.com/opensc/opensc
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.12.2
0.12.2-rc1
0.13.0
0.13.0pre1
0.13.0rc1
0.14.0
0.14.0rc2
0.14.0rtm
0.15.0
0.16.0
0.16.0-rc1
0.16.0-rc2
0.17.0
0.17.0-rc1
0.17.0-rc2
0.18.0
0.18.0-rc1
0.18.0-rc2
0.19.0
0.19.0-rc1
0.20.0
0.20.0-rc1
0.20.0-rc2
0.20.0-rc3
0.20.0-rc4
v0.*
v0.12.2
v0.16.0-pre1
Database specific
vanir_signatures
[
{
"deprecated": false,
"source": "https://github.com/opensc/opensc/commit/9d294de90d1cc66956389856e60b6944b27b4817",
"id": "CVE-2020-26572-70cc3a8b",
"target": {
"file": "src/libopensc/card-tcos.c"
},
"digest": {
"line_hashes": [
"58466695333159636353363207331574836164",
"202577461546426578785310313971106836046",
"284255860012804969870862664979029655002",
"139437758083297902526057034584382767580"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/opensc/opensc/commit/9d294de90d1cc66956389856e60b6944b27b4817",
"id": "CVE-2020-26572-cb06db58",
"target": {
"file": "src/libopensc/card-tcos.c",
"function": "tcos_decipher"
},
"digest": {
"function_hash": "114247950551260681955303043934807423823",
"length": 1581.0
},
"signature_type": "Function",
"signature_version": "v1"
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-26572.json"