CVE-2020-26570
Description
The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 has a heap-based buffer overflow in sc_oberthur_read_file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Heap-buffer overflow in OpenSC's Oberthur driver allows denial of service or potential code execution via crafted smart cards before version 0.21.0-rc1.
Vulnerability
A heap-based buffer overflow exists in the sc_oberthur_read_file function of OpenSC's Oberthur smart card software driver, affecting versions before 0.21.0-rc1 [1]. The vulnerability occurs because the loop reading records does not check that the record index rec stays within the bounds of file->record_count. When processing a malformed smart card with a record count larger than expected, the write operation *out + offs + 2 can overflow the heap-allocated buffer *out [3].
Exploitation
An attacker with physical access to the smart card slot can insert a specially crafted card that induces an out-of-bounds write. No authentication is required beyond card insertion and library interaction. The vulnerable code path is reachable when OpenSC attempts to read the file structure of the card via the Oberthur driver, which is commonly triggered by card enumeration or PIN verification operations [2].
Impact
Successful exploitation can corrupt heap memory, potentially leading to denial of service (crash) or arbitrary code execution within the context of the process using OpenSC. The impact is limited to systems where OpenSC is used with Oberthur smart cards, and the attacker must have physical proximity to insert the malicious card [1][2].
Mitigation
The vulnerability is fixed in OpenSC version 0.21.0-rc1, released on 2020-11-24 [1]. Users should upgrade to this version or later. No workarounds are available; physical access control to smart card readers is the only partial mitigation for unpatched systems [2].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
13- Oberthur/smart card software driverdescription
- Range: <0.21.0-rc1
- osv-coords10 versionspkg:rpm/almalinux/openscpkg:rpm/opensuse/opensc&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/opensc&distro=openSUSE%20Tumbleweedpkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015
< 0.20.0-4.el8+ 9 more
- (no CPE)range: < 0.20.0-4.el8
- (no CPE)range: < 0.19.0-lp152.3.3.1
- (no CPE)range: < 0.21.0-2.2
- (no CPE)range: < 0.18.0-150000.3.23.1
- (no CPE)range: < 0.18.0-150000.3.23.1
- (no CPE)range: < 0.19.0-3.7.1
- (no CPE)range: < 0.13.0-3.11.1
- (no CPE)range: < 0.18.0-150000.3.23.1
- (no CPE)range: < 0.13.0-3.11.1
- (no CPE)range: < 0.18.0-150000.3.23.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXOHFDMNMO6IDECAGUTB3SJGAGXVRT6S/mitrevendor-advisoryx_refsource_FEDORA
- www.openwall.com/lists/oss-security/2020/11/24/4mitremailing-listx_refsource_MLIST
- bugs.chromium.org/p/oss-fuzz/issues/detailmitrex_refsource_MISC
- github.com/OpenSC/OpenSC/commit/6903aebfddc466d966c7b865fae34572bf3ed23emitrex_refsource_MISC
- lists.debian.org/debian-lts-announce/2021/11/msg00027.htmlmitremailing-listx_refsource_MLIST
News mentions
0No linked articles in our index yet.