16 matches found
CVE-2019-20792
OpenSC before 0.20.0 has a double free in coolkey_free_private_data because coolkey_add_object in libopensc/card-coolkey.c lacks a uniqueness check.
CVE-2023-5992
A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data.
CVE-2021-42779
A heap use after free issue was found in Opensc before version 0.22.0 in sc_file_valid.
CVE-2021-42780
A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library.
CVE-2021-42782
Stack buffer overflow issues were found in Opensc before version 0.22.0 in various places that could potentially crash programs using the library.
CVE-2021-42781
Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library.
CVE-2024-45620
A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.
CVE-2021-42778
A heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo.
CVE-2024-45615
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK.The problem is missing initialization of variables expected to be initialized (as arguments to other functions, etc.).
CVE-2024-45618
A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have n...
CVE-2024-45616
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. The following problems were caused by insufficient control of the response APD...
CVE-2024-45619
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer c...
CVE-2024-45617
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpe...
CVE-2024-1454
The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or sm...
CVE-2021-34193
Stack overflow vulnerability in OpenSC smart card middleware before 0.23 via crafted responses to APDUs.
CVE-2013-1866
OpenSC OpenSC.tokend has an Arbitrary File Creation/Overwrite Vulnerability