rpm package
suse/opensc&distro=SUSE Linux Enterprise Server 16.0
pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Server%2016.0
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-66215 | Low | 3.8 | | < 0.26.1-160000.3.1 | 0.26.1-160000.3.1 | Mar 30, 2026 | OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow WRITE in card-oberthur. The attack requires crafted USB device or s |
| CVE-2025-66038 | Low | 3.9 | | < 0.26.1-160000.3.1 | 0.26.1-160000.3.1 | Mar 30, 2026 | OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, sc_compacttlv_find_tag searches a compact-TLV buffer for a given tag. In compact-TLV, a single byte encodes the tag (high nibble) and value length (low nibble). With a 1-byte buffer {0x0A}, the enc |
| CVE-2025-66037 | Low | 3.9 | | < 0.26.1-160000.3.1 | 0.26.1-160000.3.1 | Mar 30, 2026 | OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, feeding a crafted input to the fuzz_pkcs15_reader harness causes OpenSC to perform an out-of-bounds heap read in the X.509/SPKI handling path. Specifically, sc_pkcs15_pubkey_from_spki_fields() allo |
| CVE-2025-49010 | Low | 3.8 | | < 0.26.1-160000.3.1 | 0.26.1-160000.3.1 | Mar 30, 2026 | OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow write in GET RESPONSE. The attack requires crafted USB device or sm |