Opensc Project

Opensc

48 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
3.9

CVE-2024-45615

  • EPSS 0.09%
  • Veröffentlicht 03.09.2024 22:15:04
  • Zuletzt bearbeitet 03.11.2025 23:15:51

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. The problem is missing initialization of variables expected to be initialized (as arguments to other functions, etc.).

3.4

CVE-2024-1454

  • EPSS 0.08%
  • Veröffentlicht 12.02.2024 23:15:08
  • Zuletzt bearbeitet 03.11.2025 22:16:40

The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the comput...

5.9

CVE-2023-5992

Exploit
  • EPSS 0.26%
  • Veröffentlicht 31.01.2024 14:15:48
  • Zuletzt bearbeitet 03.11.2025 22:16:32

A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data.

3.8

CVE-2023-4535

  • EPSS 0.24%
  • Veröffentlicht 06.11.2023 17:15:12
  • Zuletzt bearbeitet 21.11.2024 08:35:21

An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or s...

6.4

CVE-2023-40661

  • EPSS 0.3%
  • Veröffentlicht 06.11.2023 17:15:11
  • Zuletzt bearbeitet 03.11.2025 22:16:26

Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage of these flaws, an attacker must have physical acce...

6.6

CVE-2023-40660

  • EPSS 0.04%
  • Veröffentlicht 06.11.2023 17:15:11
  • Zuletzt bearbeitet 03.11.2025 22:16:26

A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security ...

7.5

CVE-2021-34193

  • EPSS 0.52%
  • Veröffentlicht 22.08.2023 19:16:20
  • Zuletzt bearbeitet 03.11.2025 22:15:48

Stack overflow vulnerability in OpenSC smart card middleware before 0.23 via crafted responses to APDUs.

7.1

CVE-2023-2977

  • EPSS 0.03%
  • Veröffentlicht 01.06.2023 01:15:17
  • Zuletzt bearbeitet 03.11.2025 22:16:09

A vulnerbility was found in OpenSC. This security flaw cause a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The attacker can supply a smart card package with malformed ASN1 context. The cardos_have_verifyrc_package function sc...

5.3

CVE-2021-42782

  • EPSS 0.09%
  • Veröffentlicht 18.04.2022 17:15:16
  • Zuletzt bearbeitet 03.11.2025 22:15:52

Stack buffer overflow issues were found in Opensc before version 0.22.0 in various places that could potentially crash programs using the library.

5.3

CVE-2021-42781

  • EPSS 0.12%
  • Veröffentlicht 18.04.2022 17:15:16
  • Zuletzt bearbeitet 03.11.2025 22:15:52

Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library.