VYPR

Opensc

by Opensc Project

Source repositories

CVEs (35)

  • CVE-2021-42778Apr 18, 2022
    risk 0.00cvss epss 0.02

    A heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo.

  • CVE-2021-42781Apr 18, 2022
    risk 0.00cvss epss 0.03

    Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library.

  • CVE-2021-42780Apr 18, 2022
    risk 0.00cvss epss 0.02

    A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library.

  • CVE-2021-42782Apr 18, 2022
    risk 0.00cvss epss 0.03

    Stack buffer overflow issues were found in Opensc before version 0.22.0 in various places that could potentially crash programs using the library.

  • CVE-2021-42779Apr 18, 2022
    risk 0.00cvss epss 0.02

    A heap use after free issue was found in Opensc before version 0.22.0 in sc_file_valid.

  • CVE-2019-20792Apr 29, 2020
    risk 0.00cvss epss 0.01

    OpenSC before 0.20.0 has a double free in coolkey_free_private_data because coolkey_add_object in libopensc/card-coolkey.c lacks a uniqueness check.

  • CVE-2019-19479Dec 1, 2019
    risk 0.00cvss epss 0.00

    An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-setcos.c has an incorrect read operation during parsing of a SETCOS file attribute.

  • CVE-2019-19481Dec 1, 2019
    risk 0.00cvss epss 0.00

    An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-cac1.c mishandles buffer limits for CAC certificates.

  • CVE-2019-19480Dec 1, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/pkcs15-prkey.c has an incorrect free operation in sc_pkcs15_decode_prkdf_entry.

  • CVE-2019-15946Sep 5, 2019
    risk 0.00cvss epss 0.00

    OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c.

  • CVE-2019-15945Sep 5, 2019
    risk 0.00cvss epss 0.00

    OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c.

  • CVE-2019-6502Jan 22, 2019
    risk 0.00cvss epss 0.02

    sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from eidenv.

  • CVE-2010-4523Jan 7, 2011
    risk 0.00cvss epss 0.01

    Multiple stack-based buffer overflows in libopensc in OpenSC 0.11.13 and earlier allow physically proximate attackers to execute arbitrary code via a long serial-number field on a smart card, related to (1) card-acos5.c, (2) card-atrust-acos.c, and (3) card-starcos.c.

  • CVE-2008-3972Sep 11, 2008
    risk 0.00cvss epss 0.00

    pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to a smart card unless the card's label matches the "OpenSC" string, which might allow physically proximate attackers to exploit vulnerabilities that the card owner expected were patched, as demonstrated by…

  • CVE-2008-2235Aug 1, 2008
    risk 0.00cvss epss 0.00

    OpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN.

Page 2 of 2