Opensc Project

Opensc

44 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
2.9

CVE-2024-8443

  • EPSS 0.05%
  • Published 10.09.2024 14:15:13
  • Last modified 01.10.2024 13:15:03

A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the `pkcs15-init` tool may lead to out-of-bound ri...

3.9

CVE-2024-45620

  • EPSS 0.05%
  • Published 03.09.2024 22:15:05
  • Last modified 19.09.2024 19:21:38

A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized...

4.3

CVE-2024-45619

  • EPSS 0.07%
  • Published 03.09.2024 22:15:05
  • Last modified 23.09.2024 23:26:14

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially fi...

3.9

CVE-2024-45618

  • EPSS 0.05%
  • Published 03.09.2024 22:15:05
  • Last modified 13.09.2024 16:30:27

A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions ...

3.9

CVE-2024-45617

  • EPSS 0.06%
  • Published 03.09.2024 22:15:05
  • Last modified 13.09.2024 19:21:08

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing che...

3.9

CVE-2024-45616

  • EPSS 0.01%
  • Published 03.09.2024 22:15:04
  • Last modified 13.09.2024 19:21:11

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. The following problems were...

3.9

CVE-2024-45615

  • EPSS 0.01%
  • Published 03.09.2024 22:15:04
  • Last modified 13.09.2024 19:21:15

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. The problem is missing initialization of variables expected to be initialized (as arguments to other functions, etc.).

3.4

CVE-2024-1454

  • EPSS 0.08%
  • Published 12.02.2024 23:15:08
  • Last modified 21.11.2024 08:50:37

The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the comput...

5.9

CVE-2023-5992

Exploit
  • EPSS 0.21%
  • Published 31.01.2024 14:15:48
  • Last modified 21.11.2024 08:42:56

A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data.

3.8

CVE-2023-4535

  • EPSS 0.22%
  • Published 06.11.2023 17:15:12
  • Last modified 21.11.2024 08:35:21

An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or s...