Base Score

MEDIUM5.3

CVE-2021-42781

Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library.

VectorNETWORK

Published Bysecalert@redhat.com

Published DateApr 18, 2022, 17:15

Weakness Type (CWE):CWE-787

CVSS Metrics

Base Score

5.3

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

LOW

References

https://bugzilla.redhat.com/show_bug.cgi?id=2016439
https://github.com/OpenSC/OpenSC/commit/05648b06
https://github.com/OpenSC/OpenSC/commit/17d8980c
https://github.com/OpenSC/OpenSC/commit/40c50a3a
https://github.com/OpenSC/OpenSC/commit/5d4daf6c
https://github.com/OpenSC/OpenSC/commit/cae5c71f
https://lists.debian.org/debian-lts-announce/2023/06/msg00025.html
https://security.gentoo.org/glsa/202209-03
https://lists.debian.org/debian-lts-announce/2024/12/msg00026.html

Base Score

MEDIUM5.3

Weakness Type (CWE):CWE-787

CVSS Metrics

Base Score

5.3

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

LOW