CVE-2021-42780 — Unchecked Return Value in Project Opensc

CWE-252 — Unchecked Return Value12 documents8 sources

Severity

5.3MEDIUMNVD

EPSS

0.1%

top 81.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Opensc Project Opensc Fedoraproject Fedora Redhat Enterprise Linux

Timeline

PublishedApr 18

Latest updateApr 9

Description

A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages4 packages

▶NVDopensc_project/opensc< 0.22.0

▶Debianopensc_project/opensc< 0.21.0-1+deb11u1+3

▶Ubuntuopensc_project/opensc< 0.15.0-1ubuntu1+esm2+4

▶CVEListV5opensc_project/openscopensc 0.22.0

Also affects: Fedora 33, Enterprise Linux 7.0

Patches

Patch: bugs.chromium.org ↗Patch: bugzilla.redhat.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

opensc vulnerabilities↗2025-04-09

▶

OSV

opensc regression↗2025-03-28

▶

OSV

opensc vulnerabilities↗2025-03-12

▶

GHSA

GHSA-7wjg-mhwg-m2rc: A use after return issue was found in Opensc before version 0↗2022-04-19

▶

OSV

CVE-2021-42780: A use after return issue was found in Opensc before version 0↗2022-04-18

▶

📋Vendor Advisories

Ubuntu

OpenSC vulnerabilities↗2025-04-09

▶

Ubuntu

OpenSC vulnerabilities↗2025-03-12

▶

Microsoft

A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library.↗2022-04-12

▶

Red Hat

opensc: Use after return in insert_pin function↗2021-01-09

▶

Debian

CVE-2021-42780: opensc - A use after return issue was found in Opensc before version 0.22.0 in insert_pin...↗2021

▶