CVE-2026-40528 OpenSC < 0.27.0 Buffer Overrun in do_key_value() via profile.c

OpenSC before 0.27.0, fixed in commit 0358817, contains a stack and heap buffer overrun vulnerability in the dokeyvalue function in src/pkcs15init/profile.c that allows attackers to corrupt memory by supplying a crafted profile configuration file. During pkcs15-init invocation, a key value entry...

CLSA-2026-1779101894 opensc: Fix of CVE-2023-40661

CVE-2023-40661: fix multiple smartcard pkcs15init buffer overflows, underflows and out-of-bounds writes scpkcs15initrmdir, setcoscreatekey, cosmnewfile, cosmcreatekey, scpkcs15getlastupdate, iasecc-sdo, entersafe, epass2003 keygen...

SUSE-SU-2025:20671-1 Security update for opensc

This update for opensc fixes the following issues: - CVE-2023-5992: Side-channel leaks while stripping encryption PKCS1 padding bsc1219386. - CVE-2024-8443: Heap buffer overflow in OpenPGP driver when generating key bsc1230364. - CVE-2024-45620: Incorrect handling of the length of buffers or file...

Security update for opensc

This update for opensc fixes the following issues: CVE-2023-5992: Side-channel leaks while stripping encryption PKCS1 padding bsc1219386. CVE-2024-8443: Heap buffer overflow in OpenPGP driver when generating key bsc1230364. CVE-2024-45620: Incorrect handling of the length of buffers or files in...

Libopensc: uninitialized values after incorrect or missing checking return values of functions in pkcs15init

...

Libopensc: pkcs15init: usage of uninitialized values in libopensc and pkcs15init

...

Libopensc: incorrect handling of the length of buffers or files in pkcs15init

...

Updated opensc packages fix security vulnerabilities

Heap buffer overflow in openpgp driver when generating key. CVE-2024-8443 Usage of uninitialized values in libopensc and pkcs15init. CVE-2024-45615 Uninitialized values after incorrect check or usage of apdu response values in libopensc. CVE-2024-45616 Uninitialized values after incorrect or...

Security update for opensc

This update for opensc fixes the following issues: CVE-2024-8443: Fixed heap buffer overflow in OpenPGP driver when generating key bsc1230364 CVE-2024-45620: Fixed incorrect handling of the length of buffers or files in pkcs15init bsc1230076 CVE-2024-45619: Fixed incorrect handling length of...

SUSE-SU-2025:20072-1 Security update for opensc

This update for opensc fixes the following issues: - CVE-2024-8443: Fixed heap buffer overflow in OpenPGP driver when generating key bsc1230364 - CVE-2024-45620: Fixed incorrect handling of the length of buffers or files in pkcs15init bsc1230076 - CVE-2024-45619: Fixed incorrect handling length o...

CVE-2024-45620 Libopensc: incorrect handling of the length of buffers or files in pkcs15init

A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accesse...

CVE-2024-45618 Libopensc: uninitialized values after incorrect or missing checking return values of functions in pkcs15init

A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have...

CVE-2024-45618 Libopensc: uninitialized values after incorrect or missing checking return values of functions in pkcs15init

A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have...

CentOS 9 : opensc-0.23.0-2.el9

The remote CentOS Linux 9 host has a package installed that is affected by a vulnerability as referenced in the opensc-0.23.0-2.el9 build changelog. - buffer overrun in pkcs15init for cardos CVE-2023-2977 Note that Nessus has not tested for this issue but has instead relied only on the...

opensc security update

0.20.0-7 - Fix file caching with different offsets RHEL-4077 - Fix CVE-2023-40660: Potential PIN bypass - Fix CVE-2023-40661: Dynamic analyzers reports in pkcs15init - Fix CVE-2023-5992: Marvin: Side-channel leaks while stripping encryption PKCS1.5 padding...

PT-2023-35634 · Git +1 · Opensc

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-use-after-free READ 8 crash. The crash involves several functions, including authentic emu update tokeninfo, sc pkcs15init...

OpenSC Security Vulnerabilities

OpenSC is an open source smart card tool and middleware. A security vulnerability exists in OpenSC that stems from a security flaw in pkcs15init's handling of the card registration process...

PT-2022-36800 · Git +1 · Opensc

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a stack-buffer-overflow crash. Technical details about the crash include the sc pkcs15init rmdir, sc pkcs15init erase card...

PT-2022-37213 · Git +1 · Opensc

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-double-free crash. Technical details about the crash include the function names sc pkcs15 encode df, sc pkcs15init update...