CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-42779
https://notcve.org/view.php?id=CVE-2021-42779
A heap use after free issue was found in Opensc before version 0.22.0 in sc_file_valid. Se encontró un problema de uso de memoria previamente liberada de la pila en Opensc versiones anteriores a 0.22.0, en la función sc_file_valid • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28843 https://bugzilla.redhat.com/show_bug.cgi?id=2016086 https://github.com/OpenSC/OpenSC/commit/1db88374 https://lists.debian.org/debian-lts-announce/2023/06/msg00025.html https://security.gentoo.org/glsa/202209-03 • CWE-416: Use After Free •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2021-42780
https://notcve.org/view.php?id=CVE-2021-42780
A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library. Se ha encontrado un problema de tipo use after return En Opensc versiones anteriores a 0.22.0, en la función insert_pin que podría bloquear los programas que usan la biblioteca • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28383 https://bugzilla.redhat.com/show_bug.cgi?id=2016139 https://github.com/OpenSC/OpenSC/commit/5df913b7 https://lists.debian.org/debian-lts-announce/2023/06/msg00025.html https://security.gentoo.org/glsa/202209-03 • CWE-252: Unchecked Return Value •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2021-42781
https://notcve.org/view.php?id=CVE-2021-42781
Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library. Se han encontrado problemas de desbordamiento del búfer de la pila en Opensc versiones anteriores a 0.22.0 en el archivo pkcs15-oberthur.c que podrían bloquear los programas usando la biblioteca • https://bugzilla.redhat.com/show_bug.cgi?id=2016439 https://github.com/OpenSC/OpenSC/commit/05648b06 https://github.com/OpenSC/OpenSC/commit/17d8980c https://github.com/OpenSC/OpenSC/commit/40c50a3a https://github.com/OpenSC/OpenSC/commit/5d4daf6c https://github.com/OpenSC/OpenSC/commit/cae5c71f https://lists.debian.org/debian-lts-announce/2023/06/msg00025.html https://security.gentoo.org/glsa/202209-03 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-42782
https://notcve.org/view.php?id=CVE-2021-42782
Stack buffer overflow issues were found in Opensc before version 0.22.0 in various places that could potentially crash programs using the library. Se han encontrado problemas de desbordamiento del buffer de pila en Opensc versiones anteriores a 0.22.0, en varios lugares que podrían bloquear los programas usando la biblioteca • https://bugzilla.redhat.com/show_bug.cgi?id=2016448 https://github.com/OpenSC/OpenSC/commit/1252aca9 https://github.com/OpenSC/OpenSC/commit/456ac566 https://github.com/OpenSC/OpenSC/commit/7114fb71 https://github.com/OpenSC/OpenSC/commit/78cdab94 https://github.com/OpenSC/OpenSC/commit/ae1cf0be https://lists.debian.org/debian-lts-announce/2023/06/msg00025.html https://security.gentoo.org/glsa/202209-03 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2020-26570 – opensc: heap-based buffer overflow in sc_oberthur_read_file
https://notcve.org/view.php?id=CVE-2020-26570
The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 has a heap-based buffer overflow in sc_oberthur_read_file. El controlador de software de la tarjeta inteligente Oberthur en OpenSC versiones anteriores a 0.21.0-rc1, presenta un desbordamiento en la región stack de la memoria en la función sc_oberthur_read_file • http://www.openwall.com/lists/oss-security/2020/11/24/4 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24316 https://github.com/OpenSC/OpenSC/commit/6903aebfddc466d966c7b865fae34572bf3ed23e https://lists.debian.org/debian-lts-announce/2021/11/msg00027.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXOHFDMNMO6IDECAGUTB3SJGAGXVRT6S https://access.redhat.com/security/cve/CVE-2020-26570 https://bugzilla.redhat.com/show_bug.cgi?id=1885947 • CWE-787: Out-of-bounds Write •