Astra Linux - уязвимость в opensc

Before version 0.20.0-rc1, OpenSC had a buffer overflow vulnerability related to accessing an ASN.1 bitstring within decodebitstring in the libopensc/asn1.c file...

Unity Linux 20.1070e Security Update: opensc (UTSA-2026-017704)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017704 advisory. The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in scpkcs15emugemsafeGPKinit. Tenable has extracted the...

CVE-2025-49010 OpenSC: Stack-buffer-overflow WRITE in GET RESPONSE

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow write in GET RESPONSE. The attack requires crafted USB device or smart card that wou...

CVE-2025-24531

In OpenSC pampkcs11 before 0.6.13, pamsmauthenticate wrongly returns PAMIGNORE in many error situations such as an error triggered by a smartcard before login, allowing authentication bypass...

Linux Distros Unpatched Vulnerability : CVE-2018-16393

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafegetcertlen in libopensc/pkcs15-gemsafeV1.c in OpenSC before 0.19.0-rc1...

Linux Distros Unpatched Vulnerability : CVE-2019-6502

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - sccontextcreate in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from eidenv. CVE-2019-6502 Note that Nessus relies on the...

AZL-35077 CVE-2023-5992 affecting package opensc for versions less than 0.25.1-3

A vulnerability was found in OpenSC where PKCS1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data...

UBUNTU-CVE-2019-20792

OpenSC before 0.20.0 has a double free in coolkeyfreeprivatedata because coolkeyaddobject in libopensc/card-coolkey.c lacks a uniqueness check...

UBUNTU-CVE-2019-16058

An issue was discovered in the pamp11 component 0.2.0 and 0.3.0 for OpenSC. If a smart card creates a signature with a length longer than 256 bytes, this triggers a buffer overflow. This may be the case for RSA keys with 4096 bits depending on the signature scheme...

opensc: Buffer overflows handling responses from TCOS Cards in card-tcos.c:tcos_select_file()

Several buffer overflows when handling responses from a TCOS Card in tcosselectfile in libopensc/card-tcos.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service application crash or possibly have unspecified other impact...

DEBIAN-CVE-2018-16391

Several buffer overflows when handling responses from a Muscle Card in musclelistfiles in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service application crash or possibly have unspecified other impact...