epa4all-client: Unauthenticated REST API for Patient Record Writes

Impact Any network-reachable caller can write arbitrary documents to any patient's electronic health record accessible by the institution's SMC-B card. In a misconfigured deployment e.g., following the production Docker example in the README, this is exploitable from the local network without...

OpenSC security vulnerabilities

OpenSC is an open-source smart card tool and middleware developed by OpenSC. Versions of OpenSC prior to 0.26.1 contain security vulnerabilities. These vulnerabilities stem from a mistake in the function testkpgencertwrite in the Key Generation Module component of the pkcs11-tool. This mistake ma...

Astra Linux - уязвимость в opensc

A stack overflow vulnerability exists in the OpenSC smart card middleware before version 0.23, due to improper responses to APDUs...

Astra Linux - уязвимость в opensc

The TCOS smart card software driver in OpenSC before version 0.21.0-rc1 has a stack-based buffer overflow in the tcosdecipher function...

Astra Linux – Vulnerability in opensc

The gemsafe GPK smart card software driver in OpenSC before version 0.21.0-rc1 has a stack-based buffer overflow in the scpkcs15emugemsafeGPKinit function...

[SECURITY] Fedora 44 Update: opensc-0.27.1-1.fc44

OpenSC provides a set of libraries and utilities to work with smart cards. Its main focus is on cards that support cryptographic operations, and facilitate their use in security applications such as authentication, mail encryption and digital signatures. OpenSC implements the PKCS11 API so...

CVE-2025-13763

Multiple uses of uninitialized variables were found in libopensc that may lead to information disclosure or application crash. An attack requires a crafted USB device or smart card that would present the system with specially crafted responses to the APDUs...

CVE-2025-13763 Libopensc: opensc: multiple uses of uninitialized variable

Multiple uses of uninitialized variables were found in libopensc that may lead to information disclosure or application crash. An attack requires a crafted USB device or smart card that would present the system with specially crafted responses to the APDUs...

EUVD-2025-209564

Multiple uses of uninitialized variables were found in libopensc that may lead to information disclosure or application crash. An attack requires a crafted USB device or smart card that would present the system with specially crafted responses to the APDUs...

CVE-2025-13763

CVE-2025-13763 affects OpenSC's libopensc with multiple uses of uninitialized variables, potentially allowing information disclosure or application crash. The issue requires a crafted USB device or smart card that supplies specially crafted APDUs. Reports indicate Red Hat and Fedora/OpenSUSE advi...

CVE-2025-13763 Libopensc: opensc: multiple uses of uninitialized variable

Multiple uses of uninitialized variables were found in libopensc that may lead to information disclosure or application crash. An attack requires a crafted USB device or smart card that would present the system with specially crafted responses to the APDUs...

OpenSC 安全漏洞

OpenSC is an open-source smart card tool and middleware developed by OpenSC. There is a security vulnerability in OpenSC, which stems from the use of uninitialized variables multiple times, potentially leading to information leaks or application crashes. The attack requires a specially crafted US...

SUSE-SU-2026:1477-1 Security update for opensc

This update for opensc fixes the following issues: - CVE-2025-49010: specially crafted smart card or USB device can lead to a stack buffer overflow write in GET RESPONSE bsc1261214. - CVE-2025-66037: specially crafted input processed by the fuzzpkcs15reader harness can lead to an out-of-bounds he...

[SECURITY] Fedora 42 Update: opensc-0.27.1-1.fc42

OpenSC provides a set of libraries and utilities to work with smart cards. Its main focus is on cards that support cryptographic operations, and facilitate their use in security applications such as authentication, mail encryption and digital signatures. OpenSC implements the PKCS11 API so...

SUSE CVE-2025-49010

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow write in GET RESPONSE. The attack requires crafted USB device or smart card that wou...

Linux Distros Unpatched Vulnerability : CVE-2025-66215

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or...

Linux Distros Unpatched Vulnerability : CVE-2025-66037

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, feeding a crafted input to the fuzzpkcs15reader harness causes OpenSC to...

CVE-2025-66215

A flaw was found in OpenSC, an open-source smart card tool and middleware. An attacker with physical access to the computer can exploit this vulnerability when a user or administrator uses a smart card token. By presenting a specially crafted USB device or smart card, the attacker can trigger a...

DEBIAN-CVE-2025-66037

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, feeding a crafted input to the fuzzpkcs15reader harness causes OpenSC to perform an out-of-bounds heap read in the X.509/SPKI handling path. Specifically, scpkcs15pubkeyfromspkifields allocates a zero-length buffer...

CVE-2025-66215

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow WRITE in card-oberthur. The attack requires crafted USB device or smart card that...