OpenSC up to 0.20.0 Oberthur Smart Card Software Driver sc_oberthur_read_file buffer overflow

entryeditHistoryDiffjsonxmlCTI

A vulnerability has been found in OpenSC up to 0.20.0 and classified as critical. This vulnerability affects the function sc_oberthur_read_file of the component Oberthur Smart Card Software Driver. Upgrading to version 0.21.0-rc1 eliminates this vulnerability.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

User

Field

Commit Conf

Approve Conf

IDCommitedUserFieldChangeRemarksModeratedReasonC
1062214811/16/2020VulD...cvss2_nvd_aiPnvd.nist.gov11/16/2020accepted70
1062214711/16/2020VulD...cvss2_nvd_iiNnvd.nist.gov11/16/2020accepted70
1062214611/16/2020VulD...cvss2_nvd_ciNnvd.nist.gov11/16/2020accepted70
1062214511/16/2020VulD...cvss2_nvd_auNnvd.nist.gov11/16/2020accepted70
1062214411/16/2020VulD...cvss2_nvd_acLnvd.nist.gov11/16/2020accepted70
1062214311/16/2020VulD...cvss2_nvd_avLnvd.nist.gov11/16/2020accepted70
1062214211/16/2020VulD...cvss3_nvd_aHnvd.nist.gov11/16/2020accepted70
1062214111/16/2020VulD...cvss3_nvd_iNnvd.nist.gov11/16/2020accepted70
1062214011/16/2020VulD...cvss3_nvd_cNnvd.nist.gov11/16/2020accepted70
1062213911/16/2020VulD...cvss3_nvd_sUnvd.nist.gov11/16/2020accepted70
1062213811/16/2020VulD...cvss3_nvd_uiNnvd.nist.gov11/16/2020accepted70
1062213711/16/2020VulD...cvss3_nvd_prLnvd.nist.gov11/16/2020accepted70
1062213611/16/2020VulD...cvss3_nvd_acLnvd.nist.gov11/16/2020accepted70
1062213511/16/2020VulD...cvss3_nvd_avLnvd.nist.gov11/16/2020accepted70
1062213411/16/2020VulD...cve_nvd_summaryThe Oberthur smart card software driver in OpenSC before 0.21.0-rc1 has a heap-based buffer overflow in sc_oberthur_read_file.cve.mitre.org11/16/2020accepted70
1062213311/16/2020VulD...cve_assigned1601935200cve.mitre.org11/16/2020accepted70
1062215011/15/2020VulD...cvss3_nvd_basescore5.5nist.gov11/15/2020accepted90
1062214911/15/2020VulD...cvss2_nvd_basescore2.1nist.gov11/15/2020accepted90
1047785010/06/2020VulD...price_0day$0-$5ksee documentation10/06/2020accepted90
1047784910/06/2020VulD...cvss3_meta_tempscore5.5see documentation10/06/2020accepted90

Do you need the next level of professionalism?

Upgrade your account now!