CVE-2020-26572
Description
The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Stack-based buffer overflow in OpenSC's tcos_decipher before 0.21.0-rc1 allows denial of service or potential code execution.
Vulnerability
A stack-based buffer overflow exists in the tcos_decipher function of the TCOS smart card software driver in OpenSC versions before 0.21.0-rc1 [3]. The vulnerability occurs when copying ciphertext data into a fixed-size stack buffer (sbuf) without verifying that the length (crgram_len) does not exceed the buffer size minus one [3]. This leads to a buffer overflow when crgram_len is larger than the buffer can hold.
Exploitation
An attacker can exploit this vulnerability by providing a specially crafted cryptographic input to the tcos_decipher function, typically through a malicious smart card or via any interface that supplies data to the OpenSC driver [3]. No authentication is required if the attacker can control the input data. The exploitation does not require user interaction beyond inserting a card or processing the input.
Impact
Successful exploitation results in a stack-based buffer overflow, which can cause a crash (denial of service) or potentially allow arbitrary code execution with the privileges of the process using OpenSC [3]. This could lead to a full system compromise if the driver runs with elevated permissions.
Mitigation
The vulnerability is fixed in OpenSC version 0.21.0-rc1 and later [1][3]. Users should upgrade to OpenSC 0.21.0 or later. There are no known workarounds; updating is the recommended mitigation.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
12- TCOS/smart card software driverdescription
- osv-coords10 versionspkg:rpm/almalinux/openscpkg:rpm/opensuse/opensc&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/opensc&distro=openSUSE%20Tumbleweedpkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015
< 0.20.0-4.el8+ 9 more
- (no CPE)range: < 0.20.0-4.el8
- (no CPE)range: < 0.19.0-lp152.3.3.1
- (no CPE)range: < 0.21.0-2.2
- (no CPE)range: < 0.18.0-150000.3.23.1
- (no CPE)range: < 0.18.0-150000.3.23.1
- (no CPE)range: < 0.19.0-3.7.1
- (no CPE)range: < 0.13.0-3.11.1
- (no CPE)range: < 0.18.0-150000.3.23.1
- (no CPE)range: < 0.13.0-3.11.1
- (no CPE)range: < 0.18.0-150000.3.23.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXOHFDMNMO6IDECAGUTB3SJGAGXVRT6S/mitrevendor-advisoryx_refsource_FEDORA
- www.openwall.com/lists/oss-security/2020/11/24/4mitremailing-listx_refsource_MLIST
- bugs.chromium.org/p/oss-fuzz/issues/detailmitrex_refsource_MISC
- github.com/OpenSC/OpenSC/commit/9d294de90d1cc66956389856e60b6944b27b4817mitrex_refsource_MISC
- lists.debian.org/debian-lts-announce/2021/11/msg00027.htmlmitremailing-listx_refsource_MLIST
News mentions
0No linked articles in our index yet.