Lucene search
K

127 matches found

Microsoft CVE
Microsoft CVE
added 2023/06/06 7:0 a.m.5 views

A vulnerbility was found in OpenSC. This security flaw cause a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The attacker can supply a smart card package with malformed ASN1 context. The cardos_have_verifyrc_package function scans the ASN1 buffer for 2 tags where remaining length is wrongly caculated due to moved starting pointer. This leads to possible heap-based buffer oob read. In cases where ASAN is enabled while compiling this causes a crash. Further info leak or more damage is possible.

...

7.1CVSS6.7AI score0.00295EPSS
Exploits0
NVD
NVD
added 2023/06/01 1:15 a.m.16 views

CVE-2023-2977

A vulnerbility was found in OpenSC. This security flaw cause a buffer overrun vulnerability in pkcs15 cardoshaveverifyrcpackage. The attacker can supply a smart card package with malformed ASN1 context. The cardoshaveverifyrcpackage function scans the ASN1 buffer for 2 tags, where remaining lengt...

7.1CVSS6.8AI score0.00295EPSS
Exploits0References8
AlpineLinux
AlpineLinux
added 2023/06/01 1:15 a.m.25 views

CVE-2023-2977

A vulnerbility was found in OpenSC. This security flaw cause a buffer overrun vulnerability in pkcs15 cardoshaveverifyrcpackage. The attacker can supply a smart card package with malformed ASN1 context. The cardoshaveverifyrcpackage function scans the ASN1 buffer for 2 tags, where remaining lengt...

7.1CVSS7AI score0.00295EPSS
Exploits0
Prion
Prion
added 2023/06/01 1:15 a.m.18 views

Heap overflow

A vulnerbility was found in OpenSC. This security flaw cause a buffer overrun vulnerability in pkcs15 cardoshaveverifyrcpackage. The attacker can supply a smart card package with malformed ASN1 context. The cardoshaveverifyrcpackage function scans the ASN1 buffer for 2 tags, where remaining lengt...

3.2CVSS6.7AI score0.00295EPSS
Exploits0References7Affected Software2
Cvelist
Cvelist
added 2023/06/01 12:0 a.m.28 views

CVE-2023-2977

A vulnerbility was found in OpenSC. This security flaw cause a buffer overrun vulnerability in pkcs15 cardoshaveverifyrcpackage. The attacker can supply a smart card package with malformed ASN1 context. The cardoshaveverifyrcpackage function scans the ASN1 buffer for 2 tags, where remaining lengt...

7.1AI score0.00295EPSS
Exploits0References7
CVE
CVE
added 2023/06/01 12:0 a.m.161 views

CVE-2023-2977

CVE-2023-2977 affects OpenSC pkcs15 code path (cardos_have_verifyrc_package). A malformed ASN.1 context in a smart-card package can trigger a heap-based buffer out-of-bounds read, potentially crashing the process and enabling information leakage when ASAN is enabled during compile. Connected advi...

7.1CVSS6.7AI score0.00295EPSS
Exploits0References8Affected Software1
Debian CVE
Debian CVE
added 2023/06/01 12:0 a.m.20 views

CVE-2023-2977

A vulnerbility was found in OpenSC. This security flaw cause a buffer overrun vulnerability in pkcs15 cardoshaveverifyrcpackage. The attacker can supply a smart card package with malformed ASN1 context. The cardoshaveverifyrcpackage function scans the ASN1 buffer for 2 tags, where remaining lengt...

7.1CVSS6.7AI score0.00295EPSS
Exploits0
OSV
OSV
added 2023/06/01 12:0 a.m.24 views

CVE-2023-2977

A vulnerbility was found in OpenSC. This security flaw cause a buffer overrun vulnerability in pkcs15 cardoshaveverifyrcpackage. The attacker can supply a smart card package with malformed ASN1 context. The cardoshaveverifyrcpackage function scans the ASN1 buffer for 2 tags, where remaining lengt...

7.1CVSS7.2AI score0.00295EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2023/05/30 1:40 p.m.111 views

CVE-2023-2977

A vulnerability was found in OpenSC. This issue causes a buffer overrun in the pkcs15 cardoshaveverifyrcpackage. This flaw allows an attacker to supply a smart card package with a malformed ASN1 context. The cardoshaveverifyrcpackage function scans the ASN1 buffer for two tags, where the remainin...

6.3CVSS6.8AI score0.00295EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/05/30 12:0 a.m.8 views

PT-2023-22410 · Opensc +7 · Opensc +7

Name of the Vulnerable Software and Affected Versions: OpenSC affected versions not specified Description: A security flaw in OpenSC causes a buffer overrun vulnerability in pkcs15 cardos have verifyrc package. An attacker can supply a smart card package with malformed ASN1 context. The cardos ha...

7.5CVSS5.6AI score0.02805EPSS
Exploits2References117
SUSE CVE
SUSE CVE
added 2023/02/15 6:7 a.m.6 views

SUSE CVE-2008-3972

pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to a smart card unless the card's label matches the "OpenSC" string, which might allow physically proximate attackers to exploit vulnerabilities that the card owner expected were patched, as demonstrated by exploitation of...

6.6CVSS7AI score0.00369EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:37 a.m.4 views

SUSE CVE-2021-42781

Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library...

7.1CVSS8.7AI score0.02805EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2022/08/24 12:0 a.m.3 views

PT-2022-37213 · Git +1 · Opensc

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-double-free crash. Technical details about the crash include the function names sc pkcs15 encode df, sc pkcs15init update...

6.9AI score
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2022/04/26 7:0 a.m.3 views

A heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo.

...

5.3CVSS6.4AI score0.0209EPSS
Exploits0
OSV
OSV
added 2022/04/18 5:15 p.m.21 views

CVE-2021-42781

Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library...

5.3CVSS7.2AI score
Exploits0References9
NVD
NVD
added 2022/04/18 5:15 p.m.20 views

CVE-2021-42781

Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library...

5.3CVSS0.02805EPSS
Exploits0References9
OSV
OSV
added 2022/04/18 5:15 p.m.6 views

AZL-9484 CVE-2021-42781 affecting package opensc for versions less than 0.22.0-1

Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library...

5.3CVSS6.9AI score0.02805EPSS
Exploits0References1
Prion
Prion
added 2022/04/18 5:15 p.m.26 views

Heap overflow

Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library...

5CVSS5.7AI score0.02805EPSS
Exploits0References8Affected Software3
OSV
OSV
added 2022/04/18 5:15 p.m.4 views

UBUNTU-CVE-2021-42781

Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library...

5.3CVSS7.4AI score0.02805EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/04/18 12:0 a.m.33 views

CVE-2021-42781

Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library...

6.2AI score0.02805EPSS
Exploits0References8
Rows per page
Query Builder