Opensc Project

Opensc

44 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
2.9

CVE-2024-8443

  • EPSS 0.05%
  • Veröffentlicht 10.09.2024 14:15:13
  • Zuletzt bearbeitet 01.10.2024 13:15:03

A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the `pkcs15-init` tool may lead to out-of-bound ri...

3.9

CVE-2024-45620

  • EPSS 0.05%
  • Veröffentlicht 03.09.2024 22:15:05
  • Zuletzt bearbeitet 19.09.2024 19:21:38

A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized...

4.3

CVE-2024-45619

  • EPSS 0.07%
  • Veröffentlicht 03.09.2024 22:15:05
  • Zuletzt bearbeitet 23.09.2024 23:26:14

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially fi...

3.9

CVE-2024-45618

  • EPSS 0.05%
  • Veröffentlicht 03.09.2024 22:15:05
  • Zuletzt bearbeitet 13.09.2024 16:30:27

A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions ...

3.9

CVE-2024-45617

  • EPSS 0.06%
  • Veröffentlicht 03.09.2024 22:15:05
  • Zuletzt bearbeitet 13.09.2024 19:21:08

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing che...

3.9

CVE-2024-45616

  • EPSS 0.01%
  • Veröffentlicht 03.09.2024 22:15:04
  • Zuletzt bearbeitet 13.09.2024 19:21:11

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. The following problems were...

3.9

CVE-2024-45615

  • EPSS 0.01%
  • Veröffentlicht 03.09.2024 22:15:04
  • Zuletzt bearbeitet 13.09.2024 19:21:15

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. The problem is missing initialization of variables expected to be initialized (as arguments to other functions, etc.).

3.4

CVE-2024-1454

  • EPSS 0.08%
  • Veröffentlicht 12.02.2024 23:15:08
  • Zuletzt bearbeitet 21.11.2024 08:50:37

The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the comput...

5.9

CVE-2023-5992

Exploit
  • EPSS 0.21%
  • Veröffentlicht 31.01.2024 14:15:48
  • Zuletzt bearbeitet 21.11.2024 08:42:56

A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data.

3.8

CVE-2023-4535

  • EPSS 0.22%
  • Veröffentlicht 06.11.2023 17:15:12
  • Zuletzt bearbeitet 21.11.2024 08:35:21

An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or s...