CVE-2020-26572: Buffer Overflow
First published: Tue Oct 06 2020(Updated: )
The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Opensc Project Opensc | <=0.20.0 | |
| Fedoraproject Fedora | =33 | |
| Debian Debian Linux | =9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2020/11/24/4
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22967
- https://github.com/OpenSC/OpenSC/commit/9d294de90d1cc66956389856e60b6944b27b4817
- https://lists.debian.org/debian-lts-announce/2021/11/msg00027.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EXOHFDMNMO6IDECAGUTB3SJGAGXVRT6S/
Frequently Asked Questions
What is CVE-2020-26572?
CVE-2020-26572 is a vulnerability in the TCOS smart card software driver in OpenSC before 0.21.0-rc1, which allows a stack-based buffer overflow in tcos_decipher.
How does CVE-2020-26572 affect OpenSC?
CVE-2020-26572 affects OpenSC versions up to and including 0.20.0.
Which software and operating systems are affected by CVE-2020-26572?
OpenSC versions up to and including 0.20.0, Fedora 33, and Debian Linux 9.0 are affected by CVE-2020-26572.
What is the severity of CVE-2020-26572?
CVE-2020-26572 has a severity level of 5.5 (medium).
How can I fix CVE-2020-26572?
To fix CVE-2020-26572, update to OpenSC version 0.21.0-rc1 or later.
- collector/nvd-index
- vendor/opensc project
- canonical/opensc project opensc
- version/opensc project opensc/0.20.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/33
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0