Lucene search
K

22 matches found

CVE
CVE
added 2020/04/29 3:53 a.m.263 views

CVE-2019-20792

OpenSC = 0.20.0 (or apply vendor-specific patches as listed in advisories). If exploiting details are not provided in the documents, no exploitation specifics are described here.

6.8CVSS6.4AI score0.007EPSS
CVE
CVE
added 2024/01/31 2:5 p.m.196 views

CVE-2023-5992

Summary: CVE-2023-5992 affects the OpenSC OpenSC library stack, where PKCS#1 encryption padding removal was not implemented in a side‑channel resistant way, potentially leaking private data. Multiple connected sources confirm vulnerable OpenSC versions (e.g., < 0.23.0-3; < 0.24.0-1.amzn2023...

5.9CVSS5.4AI score0.01156EPSS
CVE
CVE
added 2022/04/18 12:0 a.m.135 views

CVE-2021-42779

OpenSC CVE-2021-42779 affects OpenSC before version 0.22.0, with a heap use-after-free vulnerability in sc_file_valid. The issue can lead to instability or crashes of applications linking to OpenSC. Public documents attribute fixes to upgrading to OpenSC 0.22.0 or newer; Debian/Red Hat/Amazon Lin...

5.3CVSS5.5AI score0.02051EPSS
CVE
CVE
added 2022/04/18 12:0 a.m.128 views

CVE-2021-42782

OpenSC (library used for smart cards) has a CVE-2021-42782 stack/buffer overflow affecting versions before 0.22.0. The issue is among several OpenSC vulnerabilities also tracked as CVEs 2021-42779/42780/42781, with attackers potentially crashing programs via heap/stack overflows. Public notices f...

5.3CVSS5.8AI score0.02675EPSS
CVE
CVE
added 2022/04/18 12:0 a.m.116 views

CVE-2021-42780

CVE-2021-42780 affects OpenSC before version 0.22.0. Description and multiple security bulletins across Debian, Mageia, Gentoo, and Amazon indicate a use-after-return issue in insert_pin() that could crash programs using the library. Public advisories consistently recommend upgrading to OpenSC 0....

5.3CVSS5.3AI score0.02092EPSS
CVE
CVE
added 2024/09/03 9:21 p.m.109 views

CVE-2024-45620

OpenSC: CVE-2024-45620 affects the pkcs15-init tool. A crafted USB device or smart card may cause the system to process APDUs in a way that partially filled buffers are accessed incorrectly. This is tied to OpenSC buffer handling in pkcs15init. Remediation: upgrade OpenSC to 0.26.1-1 or newer (as...

3.9CVSS4AI score0.00293EPSS
CVE
CVE
added 2022/04/18 12:0 a.m.106 views

CVE-2021-42781

Opensc is affected by CVE-2021-42781 due to heap buffer overflow in pkcs15-oberthur.c up to version 0.22.0. Exploitation could crash applications using the library. Public advisories (Debian, Gentoo, Mageia, Amazon Linux 2 ALAS) indicate the fix is in OpenSC 0.22.0 or later; upgrades to newer ope...

5.3CVSS5.8AI score0.02805EPSS
CVE
CVE
added 2024/09/03 9:19 p.m.103 views

CVE-2024-45615

CVE-2024-45615 affects OpenSC and related components (OpenSC tools, PKCS#11 module, minidriver, CTK). Root cause: uninitialized variables in OpenSC/libopensc and pkcs15init. Documented impact is limited to information disclosure/crash risks per CVSS 3.1 base score 3.9 (LOW); exploitation status n...

3.9CVSS4AI score0.00355EPSS
CVE
CVE
added 2024/09/03 9:21 p.m.99 views

CVE-2024-45618

CVE-2024-45618 affects OpenSC’s pkcs15-init component. The issue arises from insufficient or missing checking of return values, which can cause use of uninitialized variables after APDU responses from crafted USB devices or smart cards. Multiple connected advisories document the same core problem...

3.9CVSS3.9AI score0.00287EPSS
CVE
CVE
added 2024/09/03 9:20 p.m.97 views

CVE-2024-45617

CVE-2024-45617 is described across connected documents as a vulnerability in the OpenSC stack (OpenSC, OpenSC tools, PKCS#11 module, minidriver, CTK) where an attacker could send crafted APDUs via USB/smart card, and due to insufficient/missing checking of return values, may lead to use of uninit...

3.9CVSS3.9AI score0.00302EPSS
CVE
CVE
added 2024/09/03 9:20 p.m.91 views

CVE-2024-45616

CVE-2024-45616 affects OpenSC and related components (OpenSC tools, PKCS#11 module, minidriver, CTK). The root cause is insufficient control of the response APDU buffer and its length when communicating with a smart card or USB device, which can lead to information leakage or instability. The vul...

3.9CVSS4.2AI score0.00355EPSS
CVE
CVE
added 2024/09/03 9:21 p.m.91 views

CVE-2024-45619

CVE-2024-45619 affects OpenSC and the related PKCS#11 components (OpenSC, opensc tools, minidriver, CTK). The issue is caused by incorrect handling of the length of buffers or files, where buffers partially filled with data can expose uninitialized parts, potentially enabling crashes or informati...

4.3CVSS4.4AI score0.003EPSS
CVE
CVE
added 2022/04/18 4:20 p.m.90 views

CVE-2021-42778

OpenSC has a heap double free vulnerability CVE-2021-42778 in sc_pkcs15_free_tokeninfo, affecting pre-0.22.0 releases. Debian/Red Hat advisories indicate fixes by upgrading to newer OpenSC versions (e.g., Debian 11: 0.21.0-1+deb11u1). Impact notes in linked advisories mention potential crashes (a...

5.3CVSS5.1AI score0.0209EPSS
CVE
CVE
added 2024/02/12 10:29 p.m.86 views

CVE-2024-1454

CVE-2024-1454 concerns the OpenSC AuthentIC driver: a use-after-free during card enrolment (pkcs15-init) that can enable manipulation of card management operations when an attacker has physical access and can present crafted APDU responses. The issue is limited to the enrolment process and requir...

3.4CVSS3.7AI score0.00422EPSS
CVE
CVE
added 2023/08/22 12:0 a.m.74 views

CVE-2021-34193

CVE-2021-34193 describes a stack overflow in the OpenSC smart card middleware (before 0.23) triggered by crafted APDU responses. Affected product: OpenSC smart card middleware (OpenSC). Impact per NVD: high, with availability impact and no confidentiality/integrity impact. Several connected advis...

7.5CVSS7.5AI score0.01144EPSS
CVE
CVE
added 2020/01/30 1:7 p.m.49 views

CVE-2013-1866

CVE-2013-1866 affects OpenSC OpenSC.tokend, with an Arbitrary File Creation/Overwrite vulnerability. Descriptions in multiple sources confirm the issue but do not provide concrete exploitation details, affected versions, or specific root-cause code paths. The connected documents do not specify mi...

6.3CVSS6.3AI score0.00422EPSS
CVE
CVE
added 2026/05/29 1:38 p.m.33 views

CVE-2026-40528

OpenSC prior to 0.27.0 contains a stack and heap buffer overrun in do_key_value() (src/pkcs15init/profile.c). During pkcs15-init, a key value entry starting with '=' and exceeding the size of keybuf is copied via memcpy without length checking, causing memory corruption on both stack and heap. A ...

7.8CVSS5.9AI score0.00146EPSS
CVE
CVE
added 2026/05/29 1:26 p.m.29 views

CVE-2026-40510

CVE-2026-40510 affects OpenSC before 0.27.0-rc1. A stack buffer overflow in piv_process_history() (src/libopensc/card-piv.c) can memory-corrupt if a physically present attacker uses a crafted PIV card/USB device that returns a URL field longer than 118 bytes in the Key History Object ASN.1 respon...

6.8CVSS6AI score0.00216EPSS
CVE
CVE
added 2026/03/30 5:1 p.m.24 views

CVE-2025-66037

OpenSC has a vulnerability CVE-2025-66037: before 0.27.0, crafted input to fuzz_pkcs15_reader can trigger an out-of-bounds heap read in X.509/SPKI handling via sc_pkcs15_pubkey_from_spki_fields() which allocates a zero-length buffer and reads beyond it. The issue is mitigated by upgrading to Open...

6.8CVSS5.9AI score0.00253EPSS
CVE
CVE
added 2026/03/30 5:6 p.m.20 views

CVE-2025-66215

OpenSC (OpenSC/OpenSC libraries) contains a stack-buffer-overflow in the card-oberthur path that affects versions prior to 0.27.0. An attacker with physical access could trigger the vulnerability by presenting crafted APDUs via a malicious USB device or smart card. The issue is reported as fixed ...

6.8CVSS5.8AI score0.00159EPSS
CVE
CVE
added 2026/03/30 5:3 p.m.18 views

CVE-2025-66038

OpenSC before 0.27.0 contains a validation flaw in sc_compacttlv_find_tag: for a compact-TLV element with a single-byte header (tag high nibble, length low nibble), a buffer like {0x0A} can claim tag=0 and length=10, but the code does not verify that the claimed length fits in the remaining buffe...

6.8CVSS5.9AI score0.00282EPSS
CVE
CVE
added 2026/03/30 4:59 p.m.17 views

CVE-2025-49010

OpenSC before version 0.27.0 is vulnerable to a stack-buffer-overflow write in GET RESPONSE when a crafted USB device or smart card presents specially crafted APDU responses. The attack requires physical access and user/administrator interaction with the token. A fix exists in OpenSC 0.27.0 and l...

6.8CVSS5.8AI score0.0013EPSS