
CVSS: 5.3 • EPSS: 0% • CPEs: 2 • EXPL: 0

Stack buffer overflow issues were found in OpenSC before version 0.22.0 in various places that could potentially crash programs using the library. • https://bugzilla.redhat.com/show_bug.cgi?id=2016448 https://github.com/OpenSC/OpenSC/commit/1252aca9 https://github.com/OpenSC/OpenSC/commit/456ac566 https://github.com/OpenSC/OpenSC/commit/7114fb71 https://github.com/OpenSC/OpenSC/commit/78cdab94 https://github.com/OpenSC/OpenSC/commit/ae1cf0be https://lists.debian.org/debian-lts-announce/2023/06/msg00025.html https://security.gentoo.org/glsa/202209-03 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-787: Out-of-bounds Write

CVSS: 6.4 • EPSS: 0% • CPEs: 3 • EXPL: 0

The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 has a heap-based buffer overflow in sc_oberthur_read_file. • http://www.openwall.com/lists/oss-security/2020/11/24/4 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24316 https://github.com/OpenSC/OpenSC/commit/6903aebfddc466d966c7b865fae34572bf3ed23e https://lists.debian.org/debian-lts-announce/2021/11/msg00027.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXOHFDMNMO6IDECAGUTB3SJGAGXVRT6S https://access.redhat.com/security/cve/CVE-2020-26570 https://bugzilla.redhat.com/show_bug.cgi?id=1885947 • CWE-787: Out-of-bounds Write

CVSS: 5.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init. • http://www.openwall.com/lists/oss-security/2020/11/24/4 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20612 https://lists.debian.org/debian-lts-announce/2021/11/msg00027.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXOHFDMNMO6IDECAGUTB3SJGAGXVRT6S https://access.redhat.com/security/cve/CVE-2020-26571 https://bugzilla.redhat.com/show_bug.cgi?id=1885950 • CWE-787: Out-of-bounds Write

CVSS: 6.4 • EPSS: 0% • CPEs: 3 • EXPL: 0

The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher. • http://www.openwall.com/lists/oss-security/2020/11/24/4 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22967 https://github.com/OpenSC/OpenSC/commit/9d294de90d1cc66956389856e60b6944b27b4817 https://lists.debian.org/debian-lts-announce/2021/11/msg00027.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXOHFDMNMO6IDECAGUTB3SJGAGXVRT6S https://access.redhat.com/security/cve/CVE-2020-26572 https://bugzilla.redhat.com/show_bug.cgi?id=1885954 • CWE-787: Out-of-bounds Write

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

OpenSC before 0.20.0 has a double free in coolkey_free_private_data because coolkey_add_object in libopensc/card-coolkey.c lacks a uniqueness check. A use-after-free vulnerability was discovered in OpenSC while disconnecting a smart card. This flaw allows a physical attacker to exploit this vulnerability by inserting and removing a malicious smart card, handled by the coolkey driver, that could potentially execute code on the target system, with privileges that depend on the particular configuration and system that makes use of the OpenSC library. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19208 https://github.com/OpenSC/OpenSC/commit/c246f6f69a749d4f68626b40795a4f69168008f4 https://github.com/OpenSC/OpenSC/compare/0.19.0...0.20.0 https://access.redhat.com/security/cve/CVE-2019-20792 https://bugzilla.redhat.com/show_bug.cgi?id=1837946 • CWE-415: Double Free • CWE-416: Use After Free