Opensc Project

Opensc

50 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.15%
  • Veröffentlicht 29.05.2026 13:38:11
  • Zuletzt bearbeitet 03.06.2026 14:28:17

OpenSC before 0.27.0, fixed in commit 0358817, contains a stack and heap buffer overrun vulnerability in the do_key_value() function in src/pkcs15init/profile.c that allows attackers to corrupt memory by supplying a crafted profile configuration file...

  • EPSS 0.22%
  • Veröffentlicht 29.05.2026 13:26:40
  • Zuletzt bearbeitet 03.06.2026 14:30:15

OpenSC before 0.27.0-rc1, fixed in commit 3f24f0b, contains a stack buffer overflow vulnerability in piv_process_history() in src/libopensc/card-piv.c that allows physically present attackers to trigger memory corruption by presenting a crafted PIV s...

  • EPSS 0.16%
  • Veröffentlicht 30.03.2026 17:06:16
  • Zuletzt bearbeitet 01.04.2026 17:28:49

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow WRITE in card-oberthur. The attack re...

Exploit
  • EPSS 0.28%
  • Veröffentlicht 30.03.2026 17:03:55
  • Zuletzt bearbeitet 01.04.2026 17:40:36

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, sc_compacttlv_find_tag searches a compact-TLV buffer for a given tag. In compact-TLV, a single byte encodes the tag (high nibble) and value length (low nibble). With a...

Exploit
  • EPSS 0.25%
  • Veröffentlicht 30.03.2026 17:01:27
  • Zuletzt bearbeitet 01.04.2026 17:59:35

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, feeding a crafted input to the fuzz_pkcs15_reader harness causes OpenSC to perform an out-of-bounds heap read in the X.509/SPKI handling path. Specifically, sc_pkcs15_...

  • EPSS 0.13%
  • Veröffentlicht 30.03.2026 16:59:25
  • Zuletzt bearbeitet 01.04.2026 18:01:59

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow write in GET RESPONSE. The attack req...

  • EPSS 0.31%
  • Veröffentlicht 10.09.2024 14:15:13
  • Zuletzt bearbeitet 30.06.2026 07:16:30

A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the `pkcs15-init` tool may lead to out-of-bound ri...

  • EPSS 0.29%
  • Veröffentlicht 03.09.2024 22:15:05
  • Zuletzt bearbeitet 30.06.2026 07:16:30

A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized...

  • EPSS 0.3%
  • Veröffentlicht 03.09.2024 22:15:05
  • Zuletzt bearbeitet 30.06.2026 07:16:30

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially fi...

  • EPSS 0.29%
  • Veröffentlicht 03.09.2024 22:15:05
  • Zuletzt bearbeitet 30.06.2026 07:16:30

A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions ...