6 matches found
DEBIAN-CVE-2025-66038
OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, sccompacttlvfindtag searches a compact-TLV buffer for a given tag. In compact-TLV, a single byte encodes the tag high nibble and value length low nibble. With a 1-byte buffer 0x0A, the encoded element claims tag=0...
CVE-2025-66038
OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, sccompacttlvfindtag searches a compact-TLV buffer for a given tag. In compact-TLV, a single byte encodes the tag high nibble and value length low nibble. With a 1-byte buffer 0x0A, the encoded element claims tag=0...
EUVD-2025-209127
OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, sccompacttlvfindtag searches a compact-TLV buffer for a given tag. In compact-TLV, a single byte encodes the tag high nibble and value length low nibble. With a 1-byte buffer 0x0A, the encoded element claims tag=0...
CVE-2025-66038 OpenSC: `sc_compacttlv_find_tag` can return out-of-bounds pointers
OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, sccompacttlvfindtag searches a compact-TLV buffer for a given tag. In compact-TLV, a single byte encodes the tag high nibble and value length low nibble. With a 1-byte buffer 0x0A, the encoded element claims tag=0...
CVE-2025-66038 OpenSC: `sc_compacttlv_find_tag` can return out-of-bounds pointers
OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, sccompacttlvfindtag searches a compact-TLV buffer for a given tag. In compact-TLV, a single byte encodes the tag high nibble and value length low nibble. With a 1-byte buffer 0x0A, the encoded element claims tag=0...
CVE-2025-66038
OpenSC before 0.27.0 contains a validation flaw in sc_compacttlv_find_tag: for a compact-TLV element with a single-byte header (tag high nibble, length low nibble), a buffer like {0x0A} can claim tag=0 and length=10, but the code does not verify that the claimed length fits in the remaining buffe...