Opensc Project Opensc vulnerabilities

53 known vulnerabilities affecting opensc_project/opensc.

Total CVEs: 53
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 6, MEDIUM 38, LOW 9

Vulnerabilities

Page 2 of 3
CVE-2021-42781 | MEDIUM | CVSS 5.3 | fixed in 0.22.0 | vopensc 0.22.0 | 2022-04-18
CWE-119: Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library.
Sources: cvelistv5, nvd, osv
CVE-2021-42780 | MEDIUM | CVSS 5.3 | fixed in 0.22.0 | vopensc 0.22.0 | 2022-04-18
CWE-252: A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library.
Sources: cvelistv5, nvd, osv
CVE-2021-42779 | MEDIUM | CVSS 5.3 | fixed in 0.22.0 | vopensc 0.22.0 | 2022-04-18
CWE-416: A heap use after free issue was found in Opensc before version 0.22.0 in sc_file_valid.
Sources: cvelistv5, nvd, osv
CVE-2020-26570 | MEDIUM | CVSS 5.5 | ≤ 0.20.0 | 2020-10-06
CWE-787: The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 has a heap-based buffer overflow in sc_oberthur_read_file.
Sources: nvd, osv
CVE-2020-26572 | MEDIUM | CVSS 5.5 | ≤ 0.20.0 | 2020-10-06
CWE-787: The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher.
Sources: nvd, osv
CVE-2020-26571 | MEDIUM | CVSS 5.5 | ≤ 0.20.0 | 2020-10-06
CWE-787: The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init.
Sources: nvd, osv
CVE-2019-20792 | MEDIUM | CVSS 6.8 | fixed in 0.20.0 | 2020-04-29
CWE-415: OpenSC before 0.20.0 has a double free in coolkey_free_private_data because coolkey_add_object in libopensc/card-coolkey.c lacks a uniqueness check.
Sources: nvd, osv
CVE-2013-1866 | MEDIUM | CVSS 6.1 | fixed in 0.13.0 | 2020-01-30
CWE-59: OpenSC OpenSC.tokend has an Arbitrary File Creation/Overwrite Vulnerability
Sources: nvd
CVE-2019-19480 | MEDIUM | CVSS 4.6 | ≤ 0.19.0 | v0.20.0 | 2019-12-01
CWE-672: An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/pkcs15-prkey.c has an incorrect free operation in sc_pkcs15_decode_prkdf_entry.
Sources: nvd
CVE-2019-19481 | MEDIUM | CVSS 4.6 | v0.19.0 | v0.20.0 | 2019-12-01
CWE-119: An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-cac1.c mishandles buffer limits for CAC certificates.
Sources: nvd, osv
CVE-2019-19479 | MEDIUM | CVSS 5.5 | ≤ 0.19.0 | v0.20.0 | 2019-12-01
CWE-125: An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-setcos.c has an incorrect read operation during parsing of a SETCOS file attribute.
Sources: nvd, osv
CVE-2019-16058 | HIGH | CVSS 7.5 | v0.2.0 | v0.3.0 | 2019-09-06
CWE-119: An issue was discovered in the pam_p11 component 0.2.0 and 0.3.0 for OpenSC. If a smart card creates a signature with a length longer than 256 bytes, this triggers a buffer overflow. This may be the case for RSA keys with 4096 bits depending on the signature scheme.
Sources: nvd
CVE-2019-15945 | MEDIUM | CVSS 6.4 | ≤ 0.19.0 | 2019-09-05
CWE-119: OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c.
Sources: nvd, osv
CVE-2019-15946 | MEDIUM | CVSS 6.4 | ≤ 0.19.0 | 2019-09-05
CWE-119: OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c.
Sources: nvd, osv
CVE-2019-6502 | HIGH | CVSS 7.5 | v0.19.0 | 2019-01-22
CWE-401: sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from eidenv.
Sources: nvd, osv
CVE-2018-16423 | MEDIUM | CVSS 6.6 | ≤ 0.18.0 | 2018-09-04
CWE-415: A double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
Sources: nvd, osv
CVE-2018-16427 | MEDIUM | CVSS 4.3 | ≤ 0.18.0 | 2018-09-04
CWE-125: Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs.
Sources: nvd, osv
CVE-2018-16426 | MEDIUM | CVSS 4.3 | ≤ 0.18.0 | 2018-09-04
CWE-674: Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or crash the opensc library using programs.
Sources: nvd, osv
CVE-2018-16424 | MEDIUM | CVSS 6.6 | ≤ 0.18.0 | 2018-09-04
CWE-415: A double free when handling responses in read_file in tools/egk-tool.c (aka the eGK card tool) in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
Sources: nvd, osv
CVE-2018-16418 | MEDIUM | CVSS 6.6 | ≤ 0.18.0 | 2018-09-04
CWE-119: A buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
Sources: nvd, osv