opensc: Multiple vulnerabilities (CVE-2020-26570, CVE-2020-26571 and CVE-2020-26572)
CVE-2020-26570: heap-based buffer overflow in sc_oberthur_read_file
The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 has a heap-based buffer overflow in sc_oberthur_read_file.
References:
- https://github.com/OpenSC/OpenSC/releases/tag/0.21.0
- https://www.openwall.com/lists/oss-security/2020/11/24/4
CVE-2020-26571: stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init
The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init.
References:
- https://www.openwall.com/lists/oss-security/2020/11/24/4
- https://github.com/OpenSC/OpenSC/releases/tag/0.21.0
Patch:
https://github.com/OpenSC/OpenSC/commit/ed55fcd2996930bf58b9bb57e9ba7b1f3a753c43
CVE-2020-26572: stack-based buffer overflow in tcos_decipher
The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher.
References:
- https://www.openwall.com/lists/oss-security/2020/11/24/4
- https://github.com/OpenSC/OpenSC/releases/tag/0.21.0
Affected branches:
- master
- 3.12-stable