First published: Tue Oct 06 2020(Updated: )
The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Opensc Project Opensc | <=0.20.0 | |
Debian Debian Linux | =9.0 | |
Fedoraproject Fedora | =33 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-26571 refers to a stack-based buffer overflow vulnerability in the gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1.
The severity of CVE-2020-26571 is medium with a CVSS score of 5.5.
The affected software versions are OpenSC before 0.21.0-rc1, Debian Linux 9.0, and Fedora 33.
To fix CVE-2020-26571, update to OpenSC version 0.21.0-rc1 or later.
The references for CVE-2020-26571 are: [1] http://www.openwall.com/lists/oss-security/2020/11/24/4, [2] https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20612, [3] https://lists.debian.org/debian-lts-announce/2021/11/msg00027.html.