Opensc Security Vulnerabilities and Issues — Opensc CVE List

Lucene search

Opensc ProjectOpensc

17 matches found

CVE•added 2023/11/06 5:15 p.m.•401 views

CVE-2023-40661

Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage of these flaws, an attacker must have physical access to the computer system and employ a custom-cra...

6.4CVSS6AI score0.00315EPSS

CVE•added 2020/04/29 4:15 a.m.•239 views

CVE-2019-20792

OpenSC before 0.20.0 has a double free in coolkey_free_private_data because coolkey_add_object in libopensc/card-coolkey.c lacks a uniqueness check.

6.8CVSS6.4AI score0.00165EPSS

CVE•added 2019/09/05 5:15 p.m.•234 views

CVE-2019-15945

OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c.

6.4CVSS6.2AI score0.0006EPSS

CVE•added 2019/09/05 5:15 p.m.•229 views

CVE-2019-15946

OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c.

6.4CVSS6.2AI score0.00049EPSS

CVE•added 2023/11/06 5:15 p.m.•127 views

CVE-2023-40660

A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security risk, particularly for OS logon/screen unlock and...

6.6CVSS6.2AI score0.00037EPSS

CVE•added 2018/09/04 12:29 a.m.•102 views

CVE-2018-16422

A single byte buffer overflow when handling responses from an esteid Card in sc_pkcs15emu_esteid_init in libopensc/pkcs15-esteid.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified o...

6.6CVSS6.8AI score0.00187EPSS

CVE•added 2018/09/04 12:29 a.m.•98 views

CVE-2018-16423

A double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.

6.6CVSS6.7AI score0.00188EPSS

CVE•added 2018/09/04 12:29 a.m.•95 views

CVE-2018-16420

Several buffer overflows when handling responses from an ePass 2003 Card in decrypt_response in libopensc/card-epass2003.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other imp...

6.6CVSS6.8AI score0.00187EPSS

CVE•added 2018/09/03 2:29 p.m.•94 views

CVE-2018-16391

Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.

6.8CVSS6.8AI score0.00102EPSS

CVE•added 2018/09/04 12:29 a.m.•94 views

CVE-2018-16421

Several buffer overflows when handling responses from a CAC Card in cac_get_serial_nr_from_CUID in libopensc/card-cac.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact...

6.6CVSS6.8AI score0.00201EPSS

CVE•added 2018/09/04 12:29 a.m.•92 views

CVE-2018-16425

A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.

6.6CVSS6.7AI score0.00202EPSS

CVE•added 2018/09/04 12:29 a.m.•91 views

CVE-2018-16418

A buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.

6.6CVSS6.8AI score0.00187EPSS

CVE•added 2018/09/03 2:29 p.m.•90 views

CVE-2018-16393

Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified...

6.8CVSS6.8AI score0.00156EPSS

CVE•added 2018/09/04 12:29 a.m.•88 views

CVE-2018-16419

Several buffer overflows when handling responses from a Cryptoflex card in read_public_key in tools/cryptoflex-tool.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.

6.6CVSS6.8AI score0.00187EPSS

CVE•added 2018/09/04 12:29 a.m.•84 views

CVE-2018-16424

A double free when handling responses in read_file in tools/egk-tool.c (aka the eGK card tool) in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.

6.6CVSS6.7AI score0.00188EPSS

CVE•added 2018/09/03 2:29 p.m.•83 views

CVE-2018-16392

Several buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.

6.8CVSS6.8AI score0.00156EPSS

CVE•added 2020/01/30 2:15 p.m.•32 views

CVE-2013-1866

OpenSC OpenSC.tokend has an Arbitrary File Creation/Overwrite Vulnerability

6.3CVSS6.3AI score0.00149EPSS