CVE-2020-26571 – opensc: stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init
https://notcve.org/view.php?id=CVE-2020-26571
The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init. El controlador de software de la tarjeta inteligente gemsafe GPK en OpenSC versiones anteriores a 0.21.0-rc1, presenta un desbordamiento en la región stack de la memoria en la función sc_pkcs15emu_gemsafeGPK_init • http://www.openwall.com/lists/oss-security/2020/11/24/4 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20612 https://lists.debian.org/debian-lts-announce/2021/11/msg00027.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXOHFDMNMO6IDECAGUTB3SJGAGXVRT6S https://access.redhat.com/security/cve/CVE-2020-26571 https://bugzilla.redhat.com/show_bug.cgi?id=1885950 • CWE-787: Out-of-bounds Write •
CVE-2020-26572 – opensc: stack-based buffer overflow in tcos_decipher
https://notcve.org/view.php?id=CVE-2020-26572
The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher. El controlador de software de la tarjeta inteligente TCOS en OpenSC versiones anteriores a 0.21.0-rc1, presenta un desbordamiento en la región stack de la memoria en la función tcos_decipher • http://www.openwall.com/lists/oss-security/2020/11/24/4 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22967 https://github.com/OpenSC/OpenSC/commit/9d294de90d1cc66956389856e60b6944b27b4817 https://lists.debian.org/debian-lts-announce/2021/11/msg00027.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXOHFDMNMO6IDECAGUTB3SJGAGXVRT6S https://access.redhat.com/security/cve/CVE-2020-26572 https://bugzilla.redhat.com/show_bug.cgi?id=1885954 • CWE-787: Out-of-bounds Write •
CVE-2019-19479 – opensc: Incorrect read operation during parsing of a SETCOS file attribute
https://notcve.org/view.php?id=CVE-2019-19479
An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-setcos.c has an incorrect read operation during parsing of a SETCOS file attribute. Se detectó un problema en OpenSC versiones hasta 0.19.0 y versiones 0.20.x hasta 0.20.0-rc3. El archivo libopensc/card-setcos.c presenta una operación de lectura incorrecta durante el análisis de un atributo de archivo SETCOS. • http://www.openwall.com/lists/oss-security/2019/12/29/1 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18693 https://github.com/OpenSC/OpenSC/commit/c3f23b836e5a1766c36617fe1da30d22f7b63de2 https://lists.debian.org/debian-lts-announce/2019/12/msg00031.html https://lists.debian.org/debian-lts-announce/2021/11/msg00027.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDSQLMZZYBHO5X3BK7D6E7E6NZIMZDI5 https://access.redhat.com/security/cve/CVE-2019-194 • CWE-125: Out-of-bounds Read •
CVE-2019-19481 – opensc: Improper handling of buffer limits for CAC certificates
https://notcve.org/view.php?id=CVE-2019-19481
An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-cac1.c mishandles buffer limits for CAC certificates. Se detectó un problema en OpenSC versiones hasta 0.19.0 y versiones 0.20.x hasta 0.20.0-rc3. El archivo libopensc/card-cac1.c maneja inapropiadamente los límites del búfer para los certificados CAC. • http://www.openwall.com/lists/oss-security/2019/12/29/1 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18618 https://github.com/OpenSC/OpenSC/commit/b75c002cfb1fd61cd20ec938ff4937d7b1a94278 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDSQLMZZYBHO5X3BK7D6E7E6NZIMZDI5 https://access.redhat.com/security/cve/CVE-2019-19481 https://bugzilla.redhat.com/show_bug.cgi?id=1782955 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2019-19480
https://notcve.org/view.php?id=CVE-2019-19480
An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/pkcs15-prkey.c has an incorrect free operation in sc_pkcs15_decode_prkdf_entry. Se detectó un problema en OpenSC versiones hasta 0.19.0 y versiones 0.20.x hasta 0.20.0-rc3. El archivo libopensc/pkcs15-prkey.c presenta una operación liberada incorrecta en la función sc_pkcs15_decode_prkdf_entry. • http://www.openwall.com/lists/oss-security/2019/12/29/1 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18478 https://github.com/OpenSC/OpenSC/commit/6ce6152284c47ba9b1d4fe8ff9d2e6a3f5ee02c7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDSQLMZZYBHO5X3BK7D6E7E6NZIMZDI5 • CWE-672: Operation on a Resource after Expiration or Release •