CVE-2023-40661

Summary: CVE-2023-40661 affects the OpenSC project, specifically the enrollment tooling pkcs15-init. The issue consists of multiple memory-related vulnerabilities reported by dynamic analysis during the card enrollment process, where a locally present attacker with physical access could manipulat...

CVE-2019-19479

OpenSC has a historical vulnerability CVE-2019-19479: an incorrect read operation in libopensc/card-setcos.c during parsing of a SETCOS file attribute. This issue affects OpenSC up to 0.20.x (0.20.0-rc3) and was acknowledged across multiple advisories (including Debian LTS and AlmaLinux) with fix...

CVE-2020-26570

OpenSC CVE-2020-26570 involves a heap-based buffer overflow in the Oberthur smart card driver (sc_oberthur_read_file). Affected OpenSC versions are before 0.21.0-rc1; multiple advisories recommend upgrading to 0.21.0-1 or newer. Impact is a potential compromise via crafted card data; remediation ...

CVE-2019-20792

OpenSC = 0.20.0 (or apply vendor-specific patches as listed in advisories). If exploiting details are not provided in the documents, no exploitation specifics are described here.

CVE-2019-15945

CVE-2019-15945 affects OpenSC prior to 0.20.0-rc1, with an out-of-bounds access in libopensc/asn1.c decode_bit_string. Several advisories (Arch Linux, AlmaLinux, Debian LTS, others) map this to a vulnerability class that can enable denial of service via malformed data on a local basis. Affected p...

CVE-2020-26572

OpenSC contains a stack-based buffer overflow in the TCOS smart card driver (tcos_decipher) for versions before 0.21.0-rc1. Upgrading to OpenSC 0.21.0 or later (e.g., 0.21.0-1 or newer) is recommended as the remediation across affected distributions (AL2, Arch, Debian/LTS, etc.).

CVE-2019-15946

OpenSC prior to 0.20.0-rc1 contains an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry (libopensc/asn1.c). Affected software: OpenSC (OpenSC libraries/utilities). Root cause: out-of-bounds read in ASN.1 decoding. Reported impact in sources indicates potential denial-of-service ...

CVE-2020-26571

OpenSC is affected: gemsafe GPK driver vulnerability CVE-2020-26571 in OpenSC before 0.21.0-rc1, caused by a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init. Several connected advisories (Arch Linux ASA-202011-27, ALAS2-2023-2262, AlmaLinux ALSA-2021:1600, Astra Linux bulletin) indica...

CVE-2019-19480

CVE-2019-19480 affects OpenSC up to version 0.19.0 and 0.20.x up to 0.20.0-rc3. The issue is an improper free operation in libopensc/pkcs15-prkey.c (sc_pkcs15_decode_prkdf_entry). The connected sources consistently describe this as a memory management flaw in the free path, with multiple advisori...

CVE-2023-5992

Summary: CVE-2023-5992 affects the OpenSC OpenSC library stack, where PKCS#1 encryption padding removal was not implemented in a side‑channel resistant way, potentially leaking private data. Multiple connected sources confirm vulnerable OpenSC versions (e.g., < 0.23.0-3; < 0.24.0-1.amzn2023...

CVE-2023-40660

CVE-2023-40660 affects the OpenSC OpenSC/OpenSC PKCS#11 components (opensc). Connected advisories specify a PIN-bypass vulnerability: if a token is authenticated in one process, it can be used to perform cryptographic operations in other processes when an empty PIN is supplied. Affected scope inc...

CVE-2023-2977

CVE-2023-2977 affects OpenSC pkcs15 code path (cardos_have_verifyrc_package). A malformed ASN.1 context in a smart-card package can trigger a heap-based buffer out-of-bounds read, potentially crashing the process and enabling information leakage when ASAN is enabled during compile. Connected advi...

CVE-2023-4535

CVE-2023-4535 affects OpenSC, specifically the MyEID driver’s handling of symmetric key encryption. The vulnerability is an out-of-bounds read in the OpenSC MyEID driver, which can be exploited by a physically proximate attacker using a crafted USB device or smart card to manipulate APDU response...

CVE-2018-16427

OpenSC version before 0.19.0-rc1 is affected by CVE-2018-16427, an out-of-bounds read in handling responses from smart cards which can crash the opensc library when a crafted card is provided. This is part of a family of closely related CVEs (e.g., CVE-2018-16391…16427) mitigated by upgrading to ...

CVE-2019-19481

OpenSC vulnerability CVE-2019-19481: OpenSC up to 0.19.0 and 0.20.x through 0.20.0-rc3 mishandles buffer limits for CAC certificates in libopensc/card-cac1.c. The connected advisories (RHEL/SUSE/AlmaLinux/CentOS) confirm multiple distributions affected, with fixes expected in OpenSC 0.20.0 or new...

CVE-2021-42779

OpenSC CVE-2021-42779 affects OpenSC before version 0.22.0, with a heap use-after-free vulnerability in sc_file_valid. The issue can lead to instability or crashes of applications linking to OpenSC. Public documents attribute fixes to upgrading to OpenSC 0.22.0 or newer; Debian/Red Hat/Amazon Lin...

CVE-2018-16426

OpenSC is affected by CVE-2018-16426 through the IAS-ECC handling path. The issue is an endless recursion in iasecc_select_file within libopensc/card-iasecc.c when processing responses from IAS-ECC cards, and it can be triggered by supplying crafted smartcards. The vulnerability could cause the o...

CVE-2021-42782

OpenSC (library used for smart cards) has a CVE-2021-42782 stack/buffer overflow affecting versions before 0.22.0. The issue is among several OpenSC vulnerabilities also tracked as CVEs 2021-42779/42780/42781, with attackers potentially crashing programs via heap/stack overflows. Public notices f...

CVE-2018-16422

OpenSC (opensc) vulnerable to a single-byte buffer overflow in sc_pkcs15emu_esteid_init when processing responses from Esteid cards, affecting versions before 0.19.0-rc1. Exploitation could crash the application or cause unspecified impact; remediation is to upgrade to OpenSC 0.19.0 or later wher...

CVE-2018-16391

OpenSC (muscle_list_files in libopensc/card-muscle.c) is affected by CVE-2018-16391. In OpenSC versions before 0.19.0-rc1, processing responses from a Muscle Card can overflow buffers, allowing attackers with crafted smart cards to cause a denial of service (application crash) and possibly other ...

CVE-2019-6502

OpenSC/OpenSC library (libopensc) is affected by CVE-2019-6502 due to a memory leak in sc_context_create (ctx.c) on OpenSC 0.19.0. Connected advisories/NIDS report multiple vendors noting a leak in eidenv, with Debian SUSE Mageia all providing fixes by upgrading to newer OpenSC builds (e.g., 0.20...

CVE-2021-42780

CVE-2021-42780 affects OpenSC before version 0.22.0. Description and multiple security bulletins across Debian, Mageia, Gentoo, and Amazon indicate a use-after-return issue in insert_pin() that could crash programs using the library. Public advisories consistently recommend upgrading to OpenSC 0....

CVE-2018-16423

OpenSC contains a vulnerability CVE-2018-16423: a double-free in sc_file_set_sec_attr() of libopensc/sc.c when handling smartcard responses. Affected product/version: OpenSC before 0.19.0-rc1. Impact: potential denial of service (application crash) and possibly other unspecified effects if a craf...

CVE-2018-16421

CVE-2018-16421 affects the OpenSC project, specifically a buffer overflow in libopensc/card-cac.c (cac_get_serial_nr_from_CUID) when processing CAC card responses, on OpenSC versions prior to 0.19.0-rc1. This vulnerability could allow a crafted smartcard attacker to cause a denial of service (app...

CVE-2018-16420

CVE-2018-16420: OpenSC has buffer overflows in decrypt_response (libopensc/card-epass2003.c) when processing responses from ePass 2003 cards. Affected: OpenSC before 0.19.0-rc1. Exploitation requires crafted smartcards and could cause a denial of service (application crash) or other impact. Remed...

CVE-2018-16418

CVE-2018-16418 describes a buffer overflow in OpenSC’s util_acl_to_str() (tools/util.c) when handling string concatenation, triggered by crafted smartcards. Affected versions are OpenSC before 0.19.0-rc1. Exploitation could cause a denial of service (application crash) and potentially other impac...

CVE-2018-16425

Summary: CVE-2018-16425 is a double-free vulnerability in OpenSC before 0.19.0-rc1, triggered while handling responses from an HSM Card via sc_pkcs15emu_sc_hsm_init. The issue can be exploited by supplying crafted smartcards and may cause an application crash (DoS) or potentially other impacts. A...

CVE-2018-16393

OpenSC (opensc) is affected by CVE-2018-16393 due to buffer overflows in gemsafe_get_cert_len() inside libopensc/pkcs15-gemsafeV1.c. The vulnerability exists in OpenSC before 0.19.0-rc1 and can be triggered by processing crafted Gemsafe V1 Smartcards, potentially causing an application crash (DoS...

CVE-2021-42781

Opensc is affected by CVE-2021-42781 due to heap buffer overflow in pkcs15-oberthur.c up to version 0.22.0. Exploitation could crash applications using the library. Public advisories (Debian, Gentoo, Mageia, Amazon Linux 2 ALAS) indicate the fix is in OpenSC 0.22.0 or later; upgrades to newer ope...

CVE-2024-45620

OpenSC: CVE-2024-45620 affects the pkcs15-init tool. A crafted USB device or smart card may cause the system to process APDUs in a way that partially filled buffers are accessed incorrectly. This is tied to OpenSC buffer handling in pkcs15init. Remediation: upgrade OpenSC to 0.26.1-1 or newer (as...

CVE-2018-16419

OpenSC before 0.19.0-rc1 is affected by buffer overflow flaws in read_public_key for Cryptoflex card responses. Exploitation requires crafted smartcards and can lead to a denial of service (application crash) and potentially other impact. Affected component: tools/cryptoflex-tool.c; vulnerable ve...

CVE-2018-16392

OpenSC vulnerability CVE-2018-16392 affects the TCOS Card handling path. Affected component: libopensc/card-tcos.c, function tcos_select_file, in OpenSC before 0.19.0-rc1. Description: several buffer overflows could be triggered by crafted smartcards, leading to denial of service (application cra...

CVE-2018-16424

CVE-2018-16424 affects OpenSC: a double-free during handling of responses in read_file within tools/egk-tool.c (the eGK card tool). Vulnerable in OpenSC builds before 0.19.0-rc1, potentially enabling denial of service (application crash) or unspecified impact when crafted smartcards are processed...

CVE-2024-8443

CVE-2024-8443 is a heap-based buffer overflow in the libopensc OpenPGP driver. A crafted USB device or smart card that replies to APDUs during enrollment via pkcs15-init can trigger out-of-bounds access, potentially allowing arbitrary code execution. Public-affecting reports reference the OpenSC ...

CVE-2024-45615

CVE-2024-45615 affects OpenSC and related components (OpenSC tools, PKCS#11 module, minidriver, CTK). Root cause: uninitialized variables in OpenSC/libopensc and pkcs15init. Documented impact is limited to information disclosure/crash risks per CVSS 3.1 base score 3.9 (LOW); exploitation status n...

CVE-2024-45617

CVE-2024-45617 is described across connected documents as a vulnerability in the OpenSC stack (OpenSC, OpenSC tools, PKCS#11 module, minidriver, CTK) where an attacker could send crafted APDUs via USB/smart card, and due to insufficient/missing checking of return values, may lead to use of uninit...

CVE-2024-45618

CVE-2024-45618 affects OpenSC’s pkcs15-init component. The issue arises from insufficient or missing checking of return values, which can cause use of uninitialized variables after APDU responses from crafted USB devices or smart cards. Multiple connected advisories document the same core problem...

CVE-2021-42778

OpenSC has a heap double free vulnerability CVE-2021-42778 in sc_pkcs15_free_tokeninfo, affecting pre-0.22.0 releases. Debian/Red Hat advisories indicate fixes by upgrading to newer OpenSC versions (e.g., Debian 11: 0.21.0-1+deb11u1). Impact notes in linked advisories mention potential crashes (a...

CVE-2024-45616

CVE-2024-45616 affects OpenSC and related components (OpenSC tools, PKCS#11 module, minidriver, CTK). The root cause is insufficient control of the response APDU buffer and its length when communicating with a smart card or USB device, which can lead to information leakage or instability. The vul...

CVE-2024-45619

CVE-2024-45619 affects OpenSC and the related PKCS#11 components (OpenSC, opensc tools, minidriver, CTK). The issue is caused by incorrect handling of the length of buffers or files, where buffers partially filled with data can expose uninitialized parts, potentially enabling crashes or informati...

CVE-2024-1454

CVE-2024-1454 concerns the OpenSC AuthentIC driver: a use-after-free during card enrolment (pkcs15-init) that can enable manipulation of card management operations when an attacker has physical access and can present crafted APDU responses. The issue is limited to the enrolment process and requir...

CVE-2021-34193

CVE-2021-34193 describes a stack overflow in the OpenSC smart card middleware (before 0.23) triggered by crafted APDU responses. Affected product: OpenSC smart card middleware (OpenSC). Impact per NVD: high, with availability impact and no confidentiality/integrity impact. Several connected advis...

CVE-2013-1866

CVE-2013-1866 affects OpenSC OpenSC.tokend, with an Arbitrary File Creation/Overwrite vulnerability. Descriptions in multiple sources confirm the issue but do not provide concrete exploitation details, affected versions, or specific root-cause code paths. The connected documents do not specify mi...

CVE-2019-16058

The CVE-2019-16058 entry tracks a vulnerability in OpenSC’s pam_p11 (versions 0.2.0 and 0.3.0). A buffer overflow is triggered when a smart card signature exceeds 256 bytes, which can occur with RSA-4096-type operations depending on the signature scheme. Concrete details in connected docs confirm...

CVE-2026-40510

CVE-2026-40510 affects OpenSC before 0.27.0-rc1. A stack buffer overflow in piv_process_history() (src/libopensc/card-piv.c) can memory-corrupt if a physically present attacker uses a crafted PIV card/USB device that returns a URL field longer than 118 bytes in the Key History Object ASN.1 respon...

CVE-2026-40528

OpenSC prior to 0.27.0 contains a stack and heap buffer overrun in do_key_value() (src/pkcs15init/profile.c). During pkcs15-init, a key value entry starting with '=' and exceeding the size of keybuf is copied via memcpy without length checking, causing memory corruption on both stack and heap. A ...

CVE-2025-66038

OpenSC before 0.27.0 contains a validation flaw in sc_compacttlv_find_tag: for a compact-TLV element with a single-byte header (tag high nibble, length low nibble), a buffer like {0x0A} can claim tag=0 and length=10, but the code does not verify that the claimed length fits in the remaining buffe...

CVE-2025-66037

OpenSC has a vulnerability CVE-2025-66037: before 0.27.0, crafted input to fuzz_pkcs15_reader can trigger an out-of-bounds heap read in X.509/SPKI handling via sc_pkcs15_pubkey_from_spki_fields() which allocates a zero-length buffer and reads beyond it. The issue is mitigated by upgrading to Open...

CVE-2025-49010

OpenSC before version 0.27.0 is vulnerable to a stack-buffer-overflow write in GET RESPONSE when a crafted USB device or smart card presents specially crafted APDU responses. The attack requires physical access and user/administrator interaction with the token. A fix exists in OpenSC 0.27.0 and l...

CVE-2025-66215

OpenSC (OpenSC/OpenSC libraries) contains a stack-buffer-overflow in the card-oberthur path that affects versions prior to 0.27.0. An attacker with physical access could trigger the vulnerability by presenting crafted APDUs via a malicious USB device or smart card. The issue is reported as fixed ...