CVE-2025-49010

EPSS 0.02%
Veröffentlicht 30.03.2026 16:59:25
Zuletzt bearbeitet 01.04.2026 18:01:59
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

OpenSC: Stack-buffer-overflow WRITE in GET RESPONSE

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow write in GET RESPONSE. The attack requires crafted USB device or smart card that would present the system with specially crafted responses to the APDUs. This issue has been patched in version 0.27.0.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Opensc Project ≫ Opensc Version < 0.27.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.049

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	0.9	5.9	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
security-advisories@github.com	3.8	0.4	3.4	CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

https://github.com/OpenSC/OpenSC/security/advisories/GHSA-q5cf-5wmx-9wh4

Vendor Advisory

https://github.com/OpenSC/OpenSC/wiki/CVE-2025-49010

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-49010

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-49010

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-49010

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-49010