CVE-2021-42781: 
NixOS vulnerability analysis and mitigation

A heap buffer overflow vulnerability was discovered in OpenSC before version 0.22.0, specifically in the pkcs15-oberthur.c file. This vulnerability was assigned CVE-2021-42781 and could potentially cause programs using the library to crash (NVD, CVE).

The vulnerability is classified as a heap buffer overflow issue with a CVSS v3.1 Base Score of 5.3 (Medium) and vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L. The issue is related to improper memory handling in the pkcs15-oberthur.c component, specifically affecting buffer operations. The vulnerability is tracked under CWE-787 (Out-of-bounds Write) and CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) (NVD).

The primary impact of this vulnerability is the potential crash of programs utilizing the OpenSC library. The vulnerability affects the availability of the system but does not appear to compromise confidentiality or integrity (NVD, Debian LTS).

The vulnerability has been fixed in OpenSC version 0.22.0. Users are advised to upgrade to this version or later. Multiple patches have been released to address the issue, including commits to fix various buffer overflow scenarios. Distribution-specific fixes have also been released, such as version 0.19.0-1+deb10u2 for Debian 10 and version 0.22.0 for Gentoo (Gentoo Security, Debian LTS).