Lucene search
K

19 matches found

Vulnrichment
Vulnrichment
added 2026/05/29 1:38 p.m.10 views

CVE-2026-40528 OpenSC < 0.27.0 Buffer Overrun in do_key_value() via profile.c

OpenSC before 0.27.0, fixed in commit 0358817, contains a stack and heap buffer overrun vulnerability in the dokeyvalue function in src/pkcs15init/profile.c that allows attackers to corrupt memory by supplying a crafted profile configuration file. During pkcs15-init invocation, a key value entry...

3.8CVSS5.9AI score0.00146EPSS
Exploits0References2
OSV
OSV
added 2026/05/19 12:29 a.m.7 views

CLSA-2026-1779101894 opensc: Fix of CVE-2023-40661

CVE-2023-40661: fix multiple smartcard pkcs15init buffer overflows, underflows and out-of-bounds writes scpkcs15initrmdir, setcoscreatekey, cosmnewfile, cosmcreatekey, scpkcs15getlastupdate, iasecc-sdo, entersafe, epass2003 keygen...

6.4CVSS6.7AI score0.01174EPSS
Exploits0References1
OSV
OSV
added 2025/09/05 12:16 p.m.3 views

SUSE-SU-2025:20671-1 Security update for opensc

This update for opensc fixes the following issues: - CVE-2023-5992: Side-channel leaks while stripping encryption PKCS1 padding bsc1219386. - CVE-2024-8443: Heap buffer overflow in OpenPGP driver when generating key bsc1230364. - CVE-2024-45620: Incorrect handling of the length of buffers or file...

5.9CVSS6.1AI score0.01156EPSS
Exploits1References17
SUSE Linux
SUSE Linux
added 2025/09/05 12:16 p.m.2 views

Security update for opensc

This update for opensc fixes the following issues: CVE-2023-5992: Side-channel leaks while stripping encryption PKCS1 padding bsc1219386. CVE-2024-8443: Heap buffer overflow in OpenPGP driver when generating key bsc1230364. CVE-2024-45620: Incorrect handling of the length of buffers or files in...

4.4CVSS6.3AI score0.01156EPSS
Exploits1References32
Microsoft CVE
Microsoft CVE
added 2025/09/04 3:57 a.m.7 views

Libopensc: uninitialized values after incorrect or missing checking return values of functions in pkcs15init

...

3.9CVSS6.7AI score0.00287EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2025/09/04 3:45 a.m.7 views

Libopensc: pkcs15init: usage of uninitialized values in libopensc and pkcs15init

...

3.9CVSS6.7AI score0.00355EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2025/09/04 3:34 a.m.8 views

Libopensc: incorrect handling of the length of buffers or files in pkcs15init

...

3.9CVSS6.7AI score0.00293EPSS
Exploits0
Mageia
Mageia
added 2025/03/13 6:25 p.m.27 views

Updated opensc packages fix security vulnerabilities

Heap buffer overflow in openpgp driver when generating key. CVE-2024-8443 Usage of uninitialized values in libopensc and pkcs15init. CVE-2024-45615 Uninitialized values after incorrect check or usage of apdu response values in libopensc. CVE-2024-45616 Uninitialized values after incorrect or...

4.3CVSS4.7AI score0.00355EPSS
Exploits0References2
SUSE Linux
SUSE Linux
added 2025/02/03 9:3 a.m.1 views

Security update for opensc

This update for opensc fixes the following issues: CVE-2024-8443: Fixed heap buffer overflow in OpenPGP driver when generating key bsc1230364 CVE-2024-45620: Fixed incorrect handling of the length of buffers or files in pkcs15init bsc1230076 CVE-2024-45619: Fixed incorrect handling length of...

3.9CVSS7.9AI score0.00355EPSS
Exploits0References28
OSV
OSV
added 2025/02/03 9:3 a.m.4 views

SUSE-SU-2025:20072-1 Security update for opensc

This update for opensc fixes the following issues: - CVE-2024-8443: Fixed heap buffer overflow in OpenPGP driver when generating key bsc1230364 - CVE-2024-45620: Fixed incorrect handling of the length of buffers or files in pkcs15init bsc1230076 - CVE-2024-45619: Fixed incorrect handling length o...

4.3CVSS6.1AI score0.00355EPSS
Exploits0References15
Vulnrichment
Vulnrichment
added 2024/09/03 9:21 p.m.20 views

CVE-2024-45620 Libopensc: incorrect handling of the length of buffers or files in pkcs15init

A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accesse...

3.9CVSS6.8AI score0.00293EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/09/03 9:21 p.m.32 views

CVE-2024-45618 Libopensc: uninitialized values after incorrect or missing checking return values of functions in pkcs15init

A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have...

3.9CVSS0.00287EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/09/03 9:21 p.m.21 views

CVE-2024-45618 Libopensc: uninitialized values after incorrect or missing checking return values of functions in pkcs15init

A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have...

3.9CVSS4AI score0.00287EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/02/29 12:0 a.m.21 views

CentOS 9 : opensc-0.23.0-2.el9

The remote CentOS Linux 9 host has a package installed that is affected by a vulnerability as referenced in the opensc-0.23.0-2.el9 build changelog. - buffer overrun in pkcs15init for cardos CVE-2023-2977 Note that Nessus has not tested for this issue but has instead relied only on the...

7.1CVSS7AI score0.00295EPSS
Exploits0References2
Oracle linux
Oracle linux
added 2023/12/18 12:0 a.m.36 views

opensc security update

0.20.0-7 - Fix file caching with different offsets RHEL-4077 - Fix CVE-2023-40660: Potential PIN bypass - Fix CVE-2023-40661: Dynamic analyzers reports in pkcs15init - Fix CVE-2023-5992: Marvin: Side-channel leaks while stripping encryption PKCS1.5 padding...

6.6CVSS7.3AI score0.01174EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2023/12/10 12:0 a.m.4 views

PT-2023-35634 · Git +1 · Opensc

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-use-after-free READ 8 crash. The crash involves several functions, including authentic emu update tokeninfo, sc pkcs15init...

6.9AI score
Exploits0References2
CNNVD
CNNVD
added 2023/10/13 12:0 a.m.3 views

OpenSC Security Vulnerabilities

OpenSC is an open source smart card tool and middleware. A security vulnerability exists in OpenSC that stems from a security flaw in pkcs15init's handling of the card registration process...

6.4CVSS6.8AI score0.01174EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2022/12/03 12:0 a.m.3 views

PT-2022-36800 · Git +1 · Opensc

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a stack-buffer-overflow crash. Technical details about the crash include the sc pkcs15init rmdir, sc pkcs15init erase card...

6.9AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/08/24 12:0 a.m.3 views

PT-2022-37213 · Git +1 · Opensc

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-double-free crash. Technical details about the crash include the function names sc pkcs15 encode df, sc pkcs15init update...

6.9AI score
Exploits0References2
Rows per page
Query Builder