Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Opensc Project Subscribe
Filtered by product Opensc
Total 30 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-42782 2 Fedoraproject, Opensc Project 2 Fedora, Opensc 2022-09-29 5.0 MEDIUM 5.3 MEDIUM
Stack buffer overflow issues were found in Opensc before version 0.22.0 in various places that could potentially crash programs using the library.
CVE-2021-42781 3 Fedoraproject, Opensc Project, Redhat 3 Fedora, Opensc, Enterprise Linux 2022-09-29 5.0 MEDIUM 5.3 MEDIUM
Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library.
CVE-2021-42778 3 Fedoraproject, Opensc Project, Redhat 3 Fedora, Opensc, Enterprise Linux 2022-09-29 5.0 MEDIUM 5.3 MEDIUM
A heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo.
CVE-2021-42780 3 Fedoraproject, Opensc Project, Redhat 3 Fedora, Opensc, Enterprise Linux 2022-09-29 5.0 MEDIUM 5.3 MEDIUM
A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library.
CVE-2021-42779 3 Fedoraproject, Opensc Project, Redhat 3 Fedora, Opensc, Enterprise Linux 2022-09-29 5.0 MEDIUM 5.3 MEDIUM
A heap use after free issue was found in Opensc before version 0.22.0 in sc_file_valid.
CVE-2019-15945 3 Debian, Fedoraproject, Opensc Project 3 Debian Linux, Fedora, Opensc 2021-11-30 4.4 MEDIUM 6.4 MEDIUM
OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c.
CVE-2019-15946 3 Debian, Fedoraproject, Opensc Project 3 Debian Linux, Fedora, Opensc 2021-11-30 4.4 MEDIUM 6.4 MEDIUM
OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c.
CVE-2019-19479 3 Debian, Fedoraproject, Opensc Project 3 Debian Linux, Fedora, Opensc 2021-11-30 2.1 LOW 5.5 MEDIUM
An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-setcos.c has an incorrect read operation during parsing of a SETCOS file attribute.
CVE-2020-26572 3 Debian, Fedoraproject, Opensc Project 3 Debian Linux, Fedora, Opensc 2021-11-30 2.1 LOW 5.5 MEDIUM
The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher.
CVE-2020-26571 3 Debian, Fedoraproject, Opensc Project 3 Debian Linux, Fedora, Opensc 2021-11-30 2.1 LOW 5.5 MEDIUM
The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init.
CVE-2020-26570 3 Debian, Fedoraproject, Opensc Project 3 Debian Linux, Fedora, Opensc 2021-11-29 2.1 LOW 5.5 MEDIUM
The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 has a heap-based buffer overflow in sc_oberthur_read_file.
CVE-2019-6502 1 Opensc Project 1 Opensc 2020-08-24 5.0 MEDIUM 7.5 HIGH
sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from eidenv.
CVE-2019-20792 1 Opensc Project 1 Opensc 2020-05-26 4.6 MEDIUM 6.8 MEDIUM
OpenSC before 0.20.0 has a double free in coolkey_free_private_data because coolkey_add_object in libopensc/card-coolkey.c lacks a uniqueness check.
CVE-2013-1866 2 Apple, Opensc Project 2 Mac Os X, Opensc 2020-02-03 6.3 MEDIUM 6.1 MEDIUM
OpenSC OpenSC.tokend has an Arbitrary File Creation/Overwrite Vulnerability
CVE-2019-19480 2 Linux, Opensc Project 2 Linux Kernel, Opensc 2020-01-24 2.1 LOW 4.6 MEDIUM
An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/pkcs15-prkey.c has an incorrect free operation in sc_pkcs15_decode_prkdf_entry.
CVE-2019-19481 1 Opensc Project 1 Opensc 2020-01-24 2.1 LOW 4.6 MEDIUM
An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-cac1.c mishandles buffer limits for CAC certificates.
CVE-2018-16426 1 Opensc Project 1 Opensc 2019-10-02 2.1 LOW 4.3 MEDIUM
Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or crash the opensc library using programs.
CVE-2019-16058 1 Opensc Project 1 Opensc 2019-09-12 5.0 MEDIUM 7.5 HIGH
An issue was discovered in the pam_p11 component 0.2.0 and 0.3.0 for OpenSC. If a smart card creates a signature with a length longer than 256 bytes, this triggers a buffer overflow. This may be the case for RSA keys with 4096 bits depending on the signature scheme.
CVE-2018-16425 1 Opensc Project 1 Opensc 2019-09-11 4.6 MEDIUM 6.6 MEDIUM
A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
CVE-2018-16424 1 Opensc Project 1 Opensc 2019-09-11 4.6 MEDIUM 6.6 MEDIUM
A double free when handling responses in read_file in tools/egk-tool.c (aka the eGK card tool) in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.