openscad
by Openscad
Source repositories
CVEs (52)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-4535 | Med | 0.00 | 4.5 | 0.00 | Nov 6, 2023 | An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows… | ||
| CVE-2023-2977 | Hig | 0.00 | 7.1 | 0.00 | Jun 1, 2023 | A vulnerbility was found in OpenSC. This security flaw cause a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The attacker can supply a smart card package with malformed ASN1 context. The cardos_have_verifyrc_package function scans the ASN1 buffer for 2… | ||
| CVE-2022-0497 | Hig | 0.00 | 7.1 | 0.00 | Aug 29, 2022 | A vulnerbiility was found in Openscad, where a .scad file with no trailing newline could cause an out-of-bounds read during parsing of annotations. | ||
| CVE-2022-0496 | Med | 0.00 | 5.5 | 0.00 | Aug 29, 2022 | A vulnerbiility was found in Openscad, where a DXF-format drawing with particular (not necessarily malformed!) properties may cause an out-of-bounds memory access when imported using import(). | ||
| CVE-2021-42782 | Med | 0.00 | 5.3 | 0.03 | Apr 18, 2022 | Stack buffer overflow issues were found in Opensc before version 0.22.0 in various places that could potentially crash programs using the library. | ||
| CVE-2021-42781 | Med | 0.00 | 5.3 | 0.03 | Apr 18, 2022 | Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library. | ||
| CVE-2021-42780 | Med | 0.00 | 5.3 | 0.02 | Apr 18, 2022 | A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library. | ||
| CVE-2021-42779 | Med | 0.00 | 5.3 | 0.02 | Apr 18, 2022 | A heap use after free issue was found in Opensc before version 0.22.0 in sc_file_valid. | ||
| CVE-2021-42778 | Med | 0.00 | 5.3 | 0.02 | Apr 18, 2022 | A heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo. | ||
| CVE-2020-26572 | Med | 0.00 | 5.5 | 0.00 | Oct 6, 2020 | The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher. | ||
| CVE-2020-26570 | Med | 0.00 | 5.5 | 0.00 | Oct 6, 2020 | The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 has a heap-based buffer overflow in sc_oberthur_read_file. | ||
| CVE-2019-19481 | Med | 0.00 | 4.6 | 0.00 | Dec 1, 2019 | An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-cac1.c mishandles buffer limits for CAC certificates. | ||
| CVE-2019-19480 | Med | 0.00 | 4.6 | 0.01 | Dec 1, 2019 | An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/pkcs15-prkey.c has an incorrect free operation in sc_pkcs15_decode_prkdf_entry. | ||
| CVE-2019-19479 | Med | 0.00 | 5.5 | 0.00 | Dec 1, 2019 | An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-setcos.c has an incorrect read operation during parsing of a SETCOS file attribute. | ||
| CVE-2019-15946 | Med | 0.00 | 6.4 | 0.00 | Sep 5, 2019 | OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c. | ||
| CVE-2019-15945 | Med | 0.00 | 6.4 | 0.00 | Sep 5, 2019 | OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c. | ||
| CVE-2018-16427 | Med | 0.00 | 4.3 | 0.00 | Sep 4, 2018 | Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs. | ||
| CVE-2018-16426 | Med | 0.00 | 4.3 | 0.01 | Sep 4, 2018 | Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or crash the opensc library using programs. | ||
| CVE-2018-16425 | Med | 0.00 | 6.6 | 0.01 | Sep 4, 2018 | A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified… | ||
| CVE-2018-16424 | Med | 0.00 | 6.6 | 0.01 | Sep 4, 2018 | A double free when handling responses in read_file in tools/egk-tool.c (aka the eGK card tool) in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. |
- risk 0.00cvss 4.5epss 0.00
An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows…
- risk 0.00cvss 7.1epss 0.00
A vulnerbility was found in OpenSC. This security flaw cause a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The attacker can supply a smart card package with malformed ASN1 context. The cardos_have_verifyrc_package function scans the ASN1 buffer for 2…
- risk 0.00cvss 7.1epss 0.00
A vulnerbiility was found in Openscad, where a .scad file with no trailing newline could cause an out-of-bounds read during parsing of annotations.
- risk 0.00cvss 5.5epss 0.00
A vulnerbiility was found in Openscad, where a DXF-format drawing with particular (not necessarily malformed!) properties may cause an out-of-bounds memory access when imported using import().
- risk 0.00cvss 5.3epss 0.03
Stack buffer overflow issues were found in Opensc before version 0.22.0 in various places that could potentially crash programs using the library.
- risk 0.00cvss 5.3epss 0.03
Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library.
- risk 0.00cvss 5.3epss 0.02
A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library.
- risk 0.00cvss 5.3epss 0.02
A heap use after free issue was found in Opensc before version 0.22.0 in sc_file_valid.
- risk 0.00cvss 5.3epss 0.02
A heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo.
- risk 0.00cvss 5.5epss 0.00
The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher.
- risk 0.00cvss 5.5epss 0.00
The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 has a heap-based buffer overflow in sc_oberthur_read_file.
- risk 0.00cvss 4.6epss 0.00
An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-cac1.c mishandles buffer limits for CAC certificates.
- risk 0.00cvss 4.6epss 0.01
An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/pkcs15-prkey.c has an incorrect free operation in sc_pkcs15_decode_prkdf_entry.
- risk 0.00cvss 5.5epss 0.00
An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-setcos.c has an incorrect read operation during parsing of a SETCOS file attribute.
- risk 0.00cvss 6.4epss 0.00
OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c.
- risk 0.00cvss 6.4epss 0.00
OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c.
- risk 0.00cvss 4.3epss 0.00
Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs.
- risk 0.00cvss 4.3epss 0.01
Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or crash the opensc library using programs.
- risk 0.00cvss 6.6epss 0.01
A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified…
- risk 0.00cvss 6.6epss 0.01
A double free when handling responses in read_file in tools/egk-tool.c (aka the eGK card tool) in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
Page 2 of 3