The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 has a heap-based buffer overflow in scoberthurread_file.
[ { "id": "CVE-2020-26570-084e85fd", "deprecated": false, "target": { "file": "src/libopensc/pkcs15-oberthur.c" }, "signature_version": "v1", "source": "https://github.com/opensc/opensc/commit/6903aebfddc466d966c7b865fae34572bf3ed23e", "digest": { "threshold": 0.9, "line_hashes": [ "296330052860174509237775165804406857386", "244157986531433416436298344378663818487", "208350302135471509131891751559514547061", "247359544980144280440317914934986616952", "273011554056298804416965627231405202824", "9348176036366894479978468326619964069", "279025798764699565876518821033943256156" ] }, "signature_type": "Line" }, { "id": "CVE-2020-26570-d6b99868", "deprecated": false, "target": { "file": "src/libopensc/pkcs15-oberthur.c", "function": "sc_oberthur_read_file" }, "signature_version": "v1", "source": "https://github.com/opensc/opensc/commit/6903aebfddc466d966c7b865fae34572bf3ed23e", "digest": { "function_hash": "264061215140907092068901924200830202220", "length": 2637.0 }, "signature_type": "Function" } ]