Refine your search
7 vulnerabilities found for OpenSC by OpenSC
CVE-2026-40528 (GCVE-0-2026-40528)
Vulnerability from cvelistv5
Published
2026-05-29 13:38
Modified
2026-05-29 13:58
Severity ?
VLAI Severity ?
EPSS score ?
Summary
OpenSC before 0.27.0, fixed in commit 0358817, contains a stack and heap buffer overrun vulnerability in the do_key_value() function in src/pkcs15init/profile.c that allows attackers to corrupt memory by supplying a crafted profile configuration file. During pkcs15-init invocation, a key value entry beginning with '=' followed by more than sizeof(keybuf) characters is copied into keybuf via memcpy without a length check, causing both stack and heap buffer overruns.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-40528",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-29T13:58:10.279206Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T13:58:18.086Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "OpenSC",
"repo": "https://github.com/OpenSC/OpenSC",
"vendor": "OpenSC",
"versions": [
{
"lessThan": "0.27.0",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "0358817ec74aeca654f83e7709c7720b14c5db59",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nicholas Carlini of Anthropic"
}
],
"datePublic": "2026-03-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenSC before 0.27.0, fixed in commit 0358817, contains a stack and heap buffer overrun vulnerability in the do_key_value() function in src/pkcs15init/profile.c that allows attackers to corrupt memory by supplying a crafted profile configuration file. During pkcs15-init invocation, a key value entry beginning with \u0027=\u0027 followed by more than sizeof(keybuf) characters is copied into keybuf via memcpy without a length check, causing both stack and heap buffer overruns."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "PHYSICAL",
"baseScore": 1,
"baseSeverity": "LOW",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
},
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T13:38:11.831Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/OpenSC/OpenSC/commit/0358817ec74aeca654f83e7709c7720b14c5db59"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/opensc-buffer-overrun-in-do-key-value-via-profile-c"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"x_open-source"
],
"title": "OpenSC \u003c 0.27.0 Buffer Overrun in do_key_value() via profile.c",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-40528",
"datePublished": "2026-05-29T13:38:11.831Z",
"dateReserved": "2026-04-13T20:29:02.810Z",
"dateUpdated": "2026-05-29T13:58:18.086Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-40510 (GCVE-0-2026-40510)
Vulnerability from cvelistv5
Published
2026-05-29 13:26
Modified
2026-06-01 13:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-121 - Stack-based Buffer Overflow
Summary
OpenSC before 0.27.0-rc1, fixed in commit 3f24f0b, contains a stack buffer overflow vulnerability in piv_process_history() in src/libopensc/card-piv.c that allows physically present attackers to trigger memory corruption by presenting a crafted PIV smart card or USB device returning a URL field longer than 118 bytes in the Key History Object ASN.1 response.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-40510",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-01T13:37:05.970355Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T13:37:24.127Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "OpenSC",
"repo": "https://github.com/OpenSC/OpenSC",
"vendor": "OpenSC",
"versions": [
{
"lessThan": "0.27.0-rc1",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "3f24f0b48a481a8cf2e46059d8238a283ddc1c13",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nicholas Carlini of Anthropic"
}
],
"datePublic": "2026-01-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenSC before 0.27.0-rc1, fixed in commit 3f24f0b, contains a stack buffer overflow vulnerability in piv_process_history() in src/libopensc/card-piv.c that allows physically present attackers to trigger memory corruption by presenting a crafted PIV smart card or USB device returning a URL field longer than 118 bytes in the Key History Object ASN.1 response."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "PHYSICAL",
"baseScore": 1,
"baseSeverity": "LOW",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T13:39:29.643Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/OpenSC/OpenSC/pull/3558"
},
{
"tags": [
"patch"
],
"url": "https://github.com/OpenSC/OpenSC/commit/3f24f0b48a481a8cf2e46059d8238a283ddc1c13"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/opensc-stack-buffer-overflow-via-piv-process-history-in-card-piv-c"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"x_open-source"
],
"title": "OpenSC \u003c 0.27.0-rc1 Stack Buffer Overflow via piv_process_history() in card-piv.c",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-40510",
"datePublished": "2026-05-29T13:26:40.459Z",
"dateReserved": "2026-04-13T20:29:02.809Z",
"dateUpdated": "2026-06-01T13:37:24.127Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13763 (GCVE-0-2025-13763)
Vulnerability from cvelistv5
Published
2026-04-23 12:27
Modified
2026-04-23 14:05
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Multiple uses of uninitialized variables were found in libopensc that may lead to information disclosure or application crash. An attack requires a crafted USB device or smart card that would present the system with specially crafted responses to the APDUs
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| OpenSC | OpenSC |
Version: 0 ≤ |
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13763",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-23T14:04:28.240123Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-457",
"description": "CWE-457 Use of Uninitialized Variable",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-23T14:05:23.182Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/OpenSC/OpenSC/security/advisories/GHSA-2v44-fq35-98vv"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenSC",
"vendor": "OpenSC",
"versions": [
{
"lessThan": "0.27.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "affected",
"packageName": "opensc",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"packageName": "opensc",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "opensc",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "opensc",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"datePublic": "2026-04-23T12:09:46.867Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple uses of uninitialized variables were found in libopensc that may lead to information disclosure or application crash. An attack requires a crafted USB device or smart card that would present the system with specially crafted responses to the APDUs"
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"providerMetadata": {
"dateUpdated": "2026-04-23T12:33:39.857Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-13763"
},
{
"name": "RHBZ#2417581",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417581"
},
{
"url": "https://github.com/OpenSC/OpenSC/security/advisories/GHSA-2v44-fq35-98vv"
},
{
"url": "https://github.com/OpenSC/OpenSC/wiki/CVE-2025-13763"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-27T14:28:07.219Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-04-23T12:09:46.867Z",
"value": "Made public."
}
],
"title": "Libopensc: opensc: multiple uses of uninitialized variable",
"workarounds": [
{
"lang": "en",
"value": "To mitigate this issue, avoid connecting untrusted USB devices or smart cards to systems running affected versions of Red Hat Enterprise Linux. This operational control reduces the risk of an attacker presenting a specially crafted device to exploit the uninitialized variable flaws in `libopensc`."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2025-13763",
"datePublished": "2026-04-23T12:27:41.820Z",
"dateReserved": "2025-11-27T14:35:05.731Z",
"dateUpdated": "2026-04-23T14:05:23.182Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66215 (GCVE-0-2025-66215)
Vulnerability from cvelistv5
Published
2026-03-30 17:06
Modified
2026-03-31 18:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-121 - Stack-based Buffer Overflow
Summary
OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow WRITE in card-oberthur. The attack requires crafted USB device or smart card that would present the system with specially crafted responses to the APDUs. This issue has been patched in version 0.27.0.
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66215",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-31T18:50:36.530890Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T18:53:46.404Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OpenSC",
"vendor": "OpenSC",
"versions": [
{
"status": "affected",
"version": "\u003c 0.27.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow WRITE in card-oberthur. The attack requires crafted USB device or smart card that would present the system with specially crafted responses to the APDUs. This issue has been patched in version 0.27.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T17:06:16.996Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OpenSC/OpenSC/security/advisories/GHSA-q5fc-cw56-hwp2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OpenSC/OpenSC/security/advisories/GHSA-q5fc-cw56-hwp2"
},
{
"name": "https://github.com/OpenSC/OpenSC/pull/3436",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenSC/OpenSC/pull/3436"
},
{
"name": "https://github.com/OpenSC/OpenSC/commit/efd1d479832141bcf705c2f47655ada4d5f92f5d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenSC/OpenSC/commit/efd1d479832141bcf705c2f47655ada4d5f92f5d"
},
{
"name": "https://github.com/OpenSC/OpenSC/wiki/CVE-2025-66215",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenSC/OpenSC/wiki/CVE-2025-66215"
}
],
"source": {
"advisory": "GHSA-q5fc-cw56-hwp2",
"discovery": "UNKNOWN"
},
"title": "OpenSC: Stack-buffer-overflow WRITE in card-oberthur"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66215",
"datePublished": "2026-03-30T17:06:16.996Z",
"dateReserved": "2025-11-24T23:01:29.678Z",
"dateUpdated": "2026-03-31T18:53:46.404Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66038 (GCVE-0-2025-66038)
Vulnerability from cvelistv5
Published
2026-03-30 17:03
Modified
2026-04-01 18:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-126 - Buffer Over-read
Summary
OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, sc_compacttlv_find_tag searches a compact-TLV buffer for a given tag. In compact-TLV, a single byte encodes the tag (high nibble) and value length (low nibble). With a 1-byte buffer {0x0A}, the encoded element claims tag=0 and length=10 but no value bytes follow. Calling sc_compacttlv_find_tag with search tag 0x00 returns a pointer equal to buf+1 and outlen=10 without verifying that the claimed value length fits within the remaining buffer. In cases where the sc_compacttlv_find_tag is provided untrusted data (such as being read from cards/files), attackers may be able to influence it to return out-of-bounds pointers leading to downstream memory corruption when subsequent code tries to dereference the pointer. This issue has been patched in version 0.27.0.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66038",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T18:15:18.318069Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T18:15:33.347Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OpenSC",
"vendor": "OpenSC",
"versions": [
{
"status": "affected",
"version": "\u003c 0.27.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, sc_compacttlv_find_tag searches a compact-TLV buffer for a given tag. In compact-TLV, a single byte encodes the tag (high nibble) and value length (low nibble). With a 1-byte buffer {0x0A}, the encoded element claims tag=0 and length=10 but no value bytes follow. Calling sc_compacttlv_find_tag with search tag 0x00 returns a pointer equal to buf+1 and outlen=10 without verifying that the claimed value length fits within the remaining buffer. In cases where the sc_compacttlv_find_tag is provided untrusted data (such as being read from cards/files), attackers may be able to influence it to return out-of-bounds pointers leading to downstream memory corruption when subsequent code tries to dereference the pointer. This issue has been patched in version 0.27.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "CWE-126: Buffer Over-read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T17:03:55.914Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OpenSC/OpenSC/security/advisories/GHSA-72x5-fwjx-2459",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OpenSC/OpenSC/security/advisories/GHSA-72x5-fwjx-2459"
},
{
"name": "https://github.com/OpenSC/OpenSC/commit/6db171bcb6fd7cb3b51098fefbb3b28e44f0a79c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenSC/OpenSC/commit/6db171bcb6fd7cb3b51098fefbb3b28e44f0a79c"
},
{
"name": "https://github.com/OpenSC/OpenSC/wiki/CVE-2025-66038",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenSC/OpenSC/wiki/CVE-2025-66038"
}
],
"source": {
"advisory": "GHSA-72x5-fwjx-2459",
"discovery": "UNKNOWN"
},
"title": "OpenSC: `sc_compacttlv_find_tag` can return out-of-bounds pointers"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66038",
"datePublished": "2026-03-30T17:03:55.914Z",
"dateReserved": "2025-11-21T01:08:02.615Z",
"dateUpdated": "2026-04-01T18:15:33.347Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66037 (GCVE-0-2025-66037)
Vulnerability from cvelistv5
Published
2026-03-30 17:01
Modified
2026-03-30 20:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read
Summary
OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, feeding a crafted input to the fuzz_pkcs15_reader harness causes OpenSC to perform an out-of-bounds heap read in the X.509/SPKI handling path. Specifically, sc_pkcs15_pubkey_from_spki_fields() allocates a zero-length buffer and then reads one byte past the end of that allocation. This issue has been patched in version 0.27.0.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66037",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-30T20:14:26.757382Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T20:14:39.203Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OpenSC",
"vendor": "OpenSC",
"versions": [
{
"status": "affected",
"version": "\u003c 0.27.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, feeding a crafted input to the fuzz_pkcs15_reader harness causes OpenSC to perform an out-of-bounds heap read in the X.509/SPKI handling path. Specifically, sc_pkcs15_pubkey_from_spki_fields() allocates a zero-length buffer and then reads one byte past the end of that allocation. This issue has been patched in version 0.27.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T17:01:27.790Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OpenSC/OpenSC/security/advisories/GHSA-m58q-rmjm-mmfx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OpenSC/OpenSC/security/advisories/GHSA-m58q-rmjm-mmfx"
},
{
"name": "https://github.com/OpenSC/OpenSC/wiki/CVE-2025-66037",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenSC/OpenSC/wiki/CVE-2025-66037"
}
],
"source": {
"advisory": "GHSA-m58q-rmjm-mmfx",
"discovery": "UNKNOWN"
},
"title": "OpenSC: Out of Bounds vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66037",
"datePublished": "2026-03-30T17:01:27.790Z",
"dateReserved": "2025-11-21T01:08:02.615Z",
"dateUpdated": "2026-03-30T20:14:39.203Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-49010 (GCVE-0-2025-49010)
Vulnerability from cvelistv5
Published
2026-03-30 16:59
Modified
2026-03-30 18:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-121 - Stack-based Buffer Overflow
Summary
OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow write in GET RESPONSE. The attack requires crafted USB device or smart card that would present the system with specially crafted responses to the APDUs. This issue has been patched in version 0.27.0.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49010",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-30T18:38:16.196764Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T18:38:21.684Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OpenSC",
"vendor": "OpenSC",
"versions": [
{
"status": "affected",
"version": "\u003c 0.27.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow write in GET RESPONSE. The attack requires crafted USB device or smart card that would present the system with specially crafted responses to the APDUs. This issue has been patched in version 0.27.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T16:59:25.810Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OpenSC/OpenSC/security/advisories/GHSA-q5cf-5wmx-9wh4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OpenSC/OpenSC/security/advisories/GHSA-q5cf-5wmx-9wh4"
},
{
"name": "https://github.com/OpenSC/OpenSC/wiki/CVE-2025-49010",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenSC/OpenSC/wiki/CVE-2025-49010"
}
],
"source": {
"advisory": "GHSA-q5cf-5wmx-9wh4",
"discovery": "UNKNOWN"
},
"title": "OpenSC: Stack-buffer-overflow WRITE in GET RESPONSE"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-49010",
"datePublished": "2026-03-30T16:59:25.810Z",
"dateReserved": "2025-05-29T16:34:07.176Z",
"dateUpdated": "2026-03-30T18:38:21.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}