CLSA-2026-1779101894 opensc: Fix of CVE-2023-40661

CVE-2023-40661: fix multiple smartcard pkcs15init buffer overflows, underflows and out-of-bounds writes scpkcs15initrmdir, setcoscreatekey, cosmnewfile, cosmcreatekey, scpkcs15getlastupdate, iasecc-sdo, entersafe, epass2003 keygen...

Unity Linux 20.1070e Security Update: opensc (UTSA-2026-017712)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017712 advisory. The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 has a heap-based buffer overflow in scoberthurreadfile. Tenable has extracted the preceding...

CVE-2025-13763 affecting package opensc for versions less than 0.27.1-1

CVE-2025-13763 affecting package opensc for versions less than 0.27.1-1. A patched version of the package is available...

CVE-2026-40528 affecting package opensc for versions less than 0.27.0-1

CVE-2026-40528 affecting package opensc for versions less than 0.27.0-1. A patched version of the package is available...

CVE-2026-40510 affecting package opensc for versions less than 0.27.0-rc1

CVE-2026-40510 affecting package opensc for versions less than 0.27.0-rc1. A patched version of the package is available...

CVE-2025-66037 affecting package opensc for versions less than 0.27.1-1

CVE-2025-66037 affecting package opensc for versions less than 0.27.1-1. An upgraded version of the package is available that resolves this issue...

CVE-2025-66215 affecting package opensc for versions less than 0.27.1-1

CVE-2025-66215 affecting package opensc for versions less than 0.27.1-1. An upgraded version of the package is available that resolves this issue...

Astra Linux – Vulnerability in opensc

A vulnerability was discovered in OpenSC, OpenSC tools, the PKCS11 module, minidrivers, and CTKs. An attacker could use a specially crafted USB device or smart card, which would send a specially crafted response to APDUs to the system. When buffers are partially filled with data, the initialized...

Astra Linux – Vulnerability in opensc

A vulnerability was discovered in OpenSC, OpenSC tools, the PKCS11 module, minidrivers, and CTK. The issue arises from the lack of initialization of variables that should be initialized as arguments to other functions, etc...

Astra Linux – Vulnerability in opensc

A heap double-free issue was detected in Opensc before version 0.22.0 in scpkcs15freetokeninfo...

Astra Linux – Vulnerability in opensc

A issue was discovered in OpenSC between versions 0.19.0 and 0.20.x, as well as in versions 0.20.0-rc3. There is an incorrect read operation in the code for libopensc/card-setcos.c during the parsing of a SETCOS file attribute...

Astra Linux – Vulnerability in opensc

OpenSC before version 0.20.0 has a double-free issue in coolkeyfreeprivatedata, because the coolkeyaddobject function in libopensc/card-coolkey.c lacks a uniqueness check...

Astra Linux – Vulnerability in opensc

A vulnerability was discovered in the pkcs15-init function in OpenSC. An attacker could use a specially crafted USB Device or Smart Card, causing the system to send a specially crafted response to APDUs. Insufficient or missing checks on the return values of functions lead to unexpected behavior...

Astra Linux – Vulnerability in opensc

Buffer overflow issues were identified in Opensc before version 0.22.0 in various locations, which could potentially cause programs using the library to crash...

Astra Linux – Vulnerability in opensc

A vulnerability was discovered in OpenSC, OpenSC tools, the PKCS11 module, minidrivers, and CTK. An attacker could use a specially crafted USB device or smart card, causing the system to send specially crafted APDUs. Insufficient or missing checks on the return values of functions lead to...

Astra Linux – Vulnerability in opensc

A heap usage issue after a free operation was detected in Opensc before version 0.22.0 in scfilevalid...

Fedora 44 : opensc (2026-8c5856afbb)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-8c5856afbb advisory. New upstream release 2442363 fixing various security issues. Tenable has extracted the preceding description block directly from the Fedora security...

CVE-2025-13763 Libopensc: opensc: multiple uses of uninitialized variable

Multiple uses of uninitialized variables were found in libopensc that may lead to information disclosure or application crash. An attack requires a crafted USB device or smart card that would present the system with specially crafted responses to the APDUs...

SUSE-SU-2026:21283-1 Security update for opensc

This update for opensc fixes the following issues: - CVE-2025-49010: stack-buffer-overflow via crafted smart card or USB device responses bsc1261214. - CVE-2025-66037: crafted input can cause an out-of-bounds read bsc1261218. - CVE-2025-66038: improper compact-TLV length validation can lead to...

Security update for opensc

This update for opensc fixes the following issues: CVE-2025-49010: specially crafted smart card or USB device can lead to a stack buffer overflow write in GET RESPONSE bsc1261214. CVE-2025-66037: specially crafted input processed by the fuzzpkcs15reader harness can lead to an out-of-bounds heap...