CVE-2026-40528
- EPSS 0.15%
- Veröffentlicht 29.05.2026 13:38:11
- Zuletzt bearbeitet 03.06.2026 14:28:17
OpenSC before 0.27.0, fixed in commit 0358817, contains a stack and heap buffer overrun vulnerability in the do_key_value() function in src/pkcs15init/profile.c that allows attackers to corrupt memory by supplying a crafted profile configuration file...
CVE-2026-40510
- EPSS 0.22%
- Veröffentlicht 29.05.2026 13:26:40
- Zuletzt bearbeitet 03.06.2026 14:30:15
OpenSC before 0.27.0-rc1, fixed in commit 3f24f0b, contains a stack buffer overflow vulnerability in piv_process_history() in src/libopensc/card-piv.c that allows physically present attackers to trigger memory corruption by presenting a crafted PIV s...
CVE-2025-66215
- EPSS 0.16%
- Veröffentlicht 30.03.2026 17:06:16
- Zuletzt bearbeitet 01.04.2026 17:28:49
OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow WRITE in card-oberthur. The attack re...
CVE-2025-66038
- EPSS 0.28%
- Veröffentlicht 30.03.2026 17:03:55
- Zuletzt bearbeitet 01.04.2026 17:40:36
OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, sc_compacttlv_find_tag searches a compact-TLV buffer for a given tag. In compact-TLV, a single byte encodes the tag (high nibble) and value length (low nibble). With a...
CVE-2025-66037
- EPSS 0.25%
- Veröffentlicht 30.03.2026 17:01:27
- Zuletzt bearbeitet 01.04.2026 17:59:35
OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, feeding a crafted input to the fuzz_pkcs15_reader harness causes OpenSC to perform an out-of-bounds heap read in the X.509/SPKI handling path. Specifically, sc_pkcs15_...
CVE-2025-49010
- EPSS 0.13%
- Veröffentlicht 30.03.2026 16:59:25
- Zuletzt bearbeitet 01.04.2026 18:01:59
OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow write in GET RESPONSE. The attack req...
CVE-2024-8443
- EPSS 0.31%
- Veröffentlicht 10.09.2024 14:15:13
- Zuletzt bearbeitet 30.06.2026 07:16:30
A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the `pkcs15-init` tool may lead to out-of-bound ri...
CVE-2024-45620
- EPSS 0.29%
- Veröffentlicht 03.09.2024 22:15:05
- Zuletzt bearbeitet 30.06.2026 07:16:30
A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized...
CVE-2024-45619
- EPSS 0.3%
- Veröffentlicht 03.09.2024 22:15:05
- Zuletzt bearbeitet 30.06.2026 07:16:30
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially fi...
CVE-2024-45618
- EPSS 0.29%
- Veröffentlicht 03.09.2024 22:15:05
- Zuletzt bearbeitet 30.06.2026 07:16:30
A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions ...