Opensc Project

Opensc

50 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.25%
  • Veröffentlicht 01.12.2019 23:15:10
  • Zuletzt bearbeitet 21.11.2024 04:34:48

An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-cac1.c mishandles buffer limits for CAC certificates.

Exploit
  • EPSS 0.57%
  • Veröffentlicht 01.12.2019 23:15:10
  • Zuletzt bearbeitet 21.11.2024 04:34:48

An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/pkcs15-prkey.c has an incorrect free operation in sc_pkcs15_decode_prkdf_entry.

  • EPSS 0.42%
  • Veröffentlicht 01.12.2019 23:15:10
  • Zuletzt bearbeitet 21.11.2024 04:34:48

An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-setcos.c has an incorrect read operation during parsing of a SETCOS file attribute.

  • EPSS 1.53%
  • Veröffentlicht 06.09.2019 18:15:15
  • Zuletzt bearbeitet 21.11.2024 04:29:58

An issue was discovered in the pam_p11 component 0.2.0 and 0.3.0 for OpenSC. If a smart card creates a signature with a length longer than 256 bytes, this triggers a buffer overflow. This may be the case for RSA keys with 4096 bits depending on the s...

  • EPSS 0.39%
  • Veröffentlicht 05.09.2019 17:15:12
  • Zuletzt bearbeitet 21.11.2024 04:29:47

OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c.

  • EPSS 0.44%
  • Veröffentlicht 05.09.2019 17:15:11
  • Zuletzt bearbeitet 21.11.2024 04:29:47

OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c.

Exploit
  • EPSS 2.2%
  • Veröffentlicht 22.01.2019 08:29:00
  • Zuletzt bearbeitet 21.11.2024 04:46:34

sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from eidenv.

  • EPSS 0.49%
  • Veröffentlicht 04.09.2018 00:29:01
  • Zuletzt bearbeitet 21.11.2024 03:52:43

Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs.

Exploit
  • EPSS 0.59%
  • Veröffentlicht 04.09.2018 00:29:01
  • Zuletzt bearbeitet 21.11.2024 03:52:43

Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or crash the opensc library using program...

Exploit
  • EPSS 0.66%
  • Veröffentlicht 04.09.2018 00:29:01
  • Zuletzt bearbeitet 21.11.2024 03:52:43

A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) ...