Vulnerability Details : CVE-2021-42782
Stack buffer overflow issues were found in OpenSC before version 0.22.0 in various places that could potentially crash programs using the library.
Vulnerability category: Overflow, Memory Corruption
Products affected by CVE-2021-42782
- cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
- cpe:2.3:a:opensc_project:opensc:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-42782
- EPSS score: 0.21% (probability of exploitation activity in the next 30 days)
- Percentile: ~58% (the proportion of vulnerabilities that are scored at or below this one)
CVSS scores for CVE-2021-42782
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST |
5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 3.9 | 1.4 | NIST |
CWE ids for CVE-2021-42782
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Assigned by: secalert@redhat.com (Secondary)
- The product writes data past the end, or before the beginning, of the intended buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-42782
- https://github.com/OpenSC/OpenSC/commit/1252aca9
  cardos: Correctly calculate the left bytes to avoid buffer overrun · OpenSC/OpenSC@1252aca · GitHub (Patch; Third Party Advisory)
- https://github.com/OpenSC/OpenSC/commit/ae1cf0be
  iasecc: Prevent stack buffer overflow when empty ACL is returned · OpenSC/OpenSC@ae1cf0b · GitHub (Patch; Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2023/06/msg00025.html
  [SECURITY] [DLA 3463-1] opensc security update
- https://bugzilla.redhat.com/show_bug.cgi?id=2016448
  2016448 – (CVE-2021-42782) CVE-2021-42782 opensc: Stack buffer overflow issues in various places (Issue Tracking; Mailing List; Patch; Third Party Advisory)
- https://github.com/OpenSC/OpenSC/commit/456ac566
  PIV Improved parsing of data from the card · OpenSC/OpenSC@456ac56 · GitHub (Patch; Third Party Advisory)
- https://security.gentoo.org/glsa/202209-03
  OpenSC: Multiple Vulnerabilities (GLSA 202209-03) — Gentoo security (Third Party Advisory)
- https://github.com/OpenSC/OpenSC/commit/78cdab94
  tcos: prevent out of bounds read · OpenSC/OpenSC@78cdab9 · GitHub (Patch; Third Party Advisory)
- https://github.com/OpenSC/OpenSC/commit/7114fb71
  coolkey: Initialize potentially uninitialized memory · OpenSC/OpenSC@7114fb7 · GitHub (Patch; Third Party Advisory)