30 matches found
SUSE-SU-2026:1477-1 Security update for opensc
This update for opensc fixes the following issues: - CVE-2025-49010: specially crafted smart card or USB device can lead to a stack buffer overflow write in GET RESPONSE bsc1261214. - CVE-2025-66037: specially crafted input processed by the fuzzpkcs15reader harness can lead to an out-of-bounds he...
OpenSC: Stack-buffer-overflow WRITE in GET RESPONSE
...
CVE-2025-49010
OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow write in GET RESPONSE. The attack requires crafted USB device or smart card that wou...
DEBIAN-CVE-2025-49010
OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow write in GET RESPONSE. The attack requires crafted USB device or smart card that wou...
UBUNTU-CVE-2025-49010
OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow write in GET RESPONSE. The attack requires crafted USB device or smart card that wou...
CVE-2025-49010 OpenSC: Stack-buffer-overflow WRITE in GET RESPONSE
OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow write in GET RESPONSE. The attack requires crafted USB device or smart card that wou...
EUVD-2025-209124
OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow write in GET RESPONSE. The attack requires crafted USB device or smart card that wou...
CVE-2025-49010 OpenSC: Stack-buffer-overflow WRITE in GET RESPONSE
OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow write in GET RESPONSE. The attack requires crafted USB device or smart card that wou...
CVE-2025-49010 OpenSC: Stack-buffer-overflow WRITE in GET RESPONSE
OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow write in GET RESPONSE. The attack requires crafted USB device or smart card that wou...
CVE-2025-49010
OpenSC is affected prior to 0.27.0 by a stack-buffer-overflow in GET RESPONSE triggered by a crafted USB device or smart card presenting specially crafted APDU responses. The issue requires physical access and user interaction, with a low impact per the CVSS vector. A fix is available in OpenSC 0...
OpenSC 安全漏洞
OpenSC is an open-source smart card tool and middleware developed by OpenSC. Versions of OpenSC prior to 0.27.0 contained security vulnerabilities. These vulnerabilities were caused by stack buffer overflows during the GET RESPONSE process, which could allow attackers with physical access rights ...
CVE-2026-23842
ChatterBot is a machine learning, conversational dialog engine for creating chat bots. ChatterBot versions up to 1.2.10 are vulnerable to a denial-of-service condition caused by improper database session and connection pool management. Concurrent invocations of the getresponse method can exhaust...
ChatterBot Vulnerable to Denial of Service via Database Connection Pool Exhaustion
Summary ChatterBot versions up to 1.2.10 are vulnerable to a denial-of-service condition caused by improper database session and connection pool management. Concurrent invocations of the getresponse method can exhaust the underlying SQLAlchemy connection pool, resulting in persistent service...
Missing Release of Resource after Effective Lifetime
Overview ChatterBot is a ChatterBot is a machine learning, conversational dialog engine Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime via the getresponse function. An attacker can cause persistent service unavailability by making concurre...
CVE-2026-23842
ChatterBot is a machine learning, conversational dialog engine for creating chat bots. ChatterBot versions up to 1.2.10 are vulnerable to a denial-of-service condition caused by improper database session and connection pool management. Concurrent invocations of the getresponse method can exhaust...
CVE-2026-23842
ChatterBot is a machine learning, conversational dialog engine for creating chat bots. ChatterBot versions up to 1.2.10 are vulnerable to a denial-of-service condition caused by improper database session and connection pool management. Concurrent invocations of the getresponse method can exhaust...
CVE-2026-23842
Summary of CVE-2026-23842 (ChatterBot): Up to version 1.2.10, ChatterBot is vulnerable to denial-of-service caused by improper database session and SQLAlchemy connection pool management. Concurrent calls to get_response() can exhaust the SQLAlchemy QueuePool, leaving the service unresponsive and ...
CVE-2026-23842 ChatterBot has Denial of Service via Database Connection Pool Exhaustion
ChatterBot is a machine learning, conversational dialog engine for creating chat bots. ChatterBot versions up to 1.2.10 are vulnerable to a denial-of-service condition caused by improper database session and connection pool management. Concurrent invocations of the getresponse method can exhaust...
CVE-2026-23842 ChatterBot has Denial of Service via Database Connection Pool Exhaustion
ChatterBot is a machine learning, conversational dialog engine for creating chat bots. ChatterBot versions up to 1.2.10 are vulnerable to a denial-of-service condition caused by improper database session and connection pool management. Concurrent invocations of the getresponse method can exhaust...
octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dmac_flt.c
...