CVE-2021-42782
Description
Stack buffer overflow issues were found in OpenSC before version 0.22.0 in various places that could potentially crash programs using the library.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Stack buffer overflow vulnerabilities in OpenSC before 0.22.0 could crash programs using the library.
Vulnerability
Stack buffer overflow vulnerabilities exist in multiple places in OpenSC versions before 0.22.0. These occur in the PIV driver (improper ASN.1 tag validation) [1], the TCOS driver (out-of-bounds read) [3], and the CardOS driver (incorrect buffer length calculation) [4]. The issues can be triggered when processing specially crafted smart card responses or data structures.
Exploitation
An attacker with physical access to a smart card or the ability to manipulate communication between the card and reader can supply maliciously crafted ASN.1 data or TLV structures. No authentication is required, but the victim must use a vulnerable application that relies on OpenSC to read the card. The attacker can induce a stack buffer overflow by providing oversized or improperly formatted input.
Impact
Successful exploitation can cause a denial of service (crash) in applications using the OpenSC library. The description notes that the overflow "could potentially crash programs." While arbitrary code execution is not explicitly stated, stack buffer overflows may lead to code execution in some contexts [2].
Mitigation
Update to OpenSC version 0.22.0 or later, which contains the fixes for all identified issues [1][3][4]. No known workarounds are available. Users should patch as soon as possible.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE)
- (no CPE), range: < 0.22.0
- osv-coords (30 versions):
  - pkg:rpm/opensuse/opensc&distro=openSUSE%20Leap%2015.3 (no CPE), range: < 0.19.0-150100.3.16.1
  - pkg:rpm/opensuse/opensc&distro=openSUSE%20Tumbleweed (no CPE), range: < 0.22.0-1.1
  - pkg:rpm/suse/opensc&distro=HPE%20Helion%20OpenStack%208 (no CPE), range: < 0.13.0-3.19.1
  - pkg:rpm/suse/opensc&distro=SUSE%20Enterprise%20Storage%206 (no CPE), range: < 0.19.0-150100.3.16.1
  - pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOS (no CPE), range: < 0.19.0-150100.3.16.1
  - pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS (no CPE), range: < 0.19.0-150100.3.16.1
  - pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS (no CPE), range: < 0.18.0-150000.3.23.1
  - pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS (no CPE), range: < 0.18.0-150000.3.23.1
  - pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Micro%205.1 (no CPE), range: < 0.19.0-150100.3.16.1
  - pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3 (no CPE), range: < 0.19.0-150100.3.16.1
  - pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3 (no CPE), range: < 0.11.6-5.27.14.1
  - pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP2 (no CPE), range: < 0.19.0-150100.3.16.1
  - pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS (no CPE), range: < 0.11.6-5.27.14.1
  - pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL (no CPE), range: < 0.13.0-3.19.1
  - pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL (no CPE), range: < 0.13.0-3.19.1
  - pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS (no CPE), range: < 0.13.0-3.19.1
  - pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS (no CPE), range: < 0.13.0-3.19.1
  - pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 (no CPE), range: < 0.13.0-3.19.1
  - pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCL (no CPE), range: < 0.19.0-150100.3.16.1
  - pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS (no CPE), range: < 0.19.0-150100.3.16.1
  - pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS (no CPE), range: < 0.18.0-150000.3.23.1
  - pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 (no CPE), range: < 0.13.0-3.19.1
  - pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 (no CPE), range: < 0.13.0-3.19.1
  - pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 (no CPE), range: < 0.13.0-3.19.1
  - pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015 (no CPE), range: < 0.18.0-150000.3.23.1
  - pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1 (no CPE), range: < 0.19.0-150100.3.16.1
  - pkg:rpm/suse/opensc&distro=SUSE%20OpenStack%20Cloud%208 (no CPE), range: < 0.13.0-3.19.1
  - pkg:rpm/suse/opensc&distro=SUSE%20OpenStack%20Cloud%209 (no CPE), range: < 0.13.0-3.19.1
  - pkg:rpm/suse/opensc&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 (no CPE), range: < 0.13.0-3.19.1
  - pkg:rpm/suse/opensc&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 (no CPE), range: < 0.13.0-3.19.1
Patches
No patches discovered yet.
References
- security.gentoo.org/glsa/202209-03 (mitre, vendor-advisory)
- lists.debian.org/debian-lts-announce/2023/06/msg00025.html (mitre, mailing-list)
- bugzilla.redhat.com/show_bug.cgi (mitre)
- github.com/OpenSC/OpenSC/commit/1252aca9 (mitre)
- github.com/OpenSC/OpenSC/commit/456ac566 (mitre)
- github.com/OpenSC/OpenSC/commit/7114fb71 (mitre)
- github.com/OpenSC/OpenSC/commit/78cdab94 (mitre)
- github.com/OpenSC/OpenSC/commit/ae1cf0be (mitre)