Home > Vulnerability Database > CVE-2021-42782

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2021-42782

Date: April 17, 2022

Stack buffer overflow issues were found in Opensc before version 0.22.0 in various places that could potentially crash programs using the library.

Severity Score

5.3

Related Resources (13)

Url: https://lists.debian.org/debian-lts-announce/2023/06/msg00025.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-42782

Url: https://access.redhat.com/security/cve/CVE-2021-42782

Url: https://security.gentoo.org/glsa/202209-03

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2021-42782

Url: https://github.com/OpenSC/OpenSC/commit/78cdab94

Url: https://github.com/OpenSC/OpenSC/commit/ae1cf0be

Url: https://security-tracker.debian.org/tracker/CVE-2021-42782

Url: https://github.com/OpenSC/OpenSC/commit/1252aca9

Url: https://github.com/OpenSC/OpenSC/commit/7114fb71

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2016448

Url: https://github.com/OpenSC/OpenSC/commit/456ac566

Url: https://www.mend.io/vulnerability-database/CVE-2021-42782

Severity Score

5.3

Weakness Type (CWE)

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-119

Out-of-bounds Write

CWE-787

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Do you need more information?

Contact Us