Opensc
CVEs (35)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-42778 | | | 0.00 | — | 0.02 | | Apr 18, 2022 | A heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo. |
| CVE-2021-42781 | | | 0.00 | — | 0.03 | | Apr 18, 2022 | Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library. |
| CVE-2021-42780 | | | 0.00 | — | 0.02 | | Apr 18, 2022 | A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library. |
| CVE-2021-42782 | | | 0.00 | — | 0.03 | | Apr 18, 2022 | Stack buffer overflow issues were found in Opensc before version 0.22.0 in various places that could potentially crash programs using the library. |
| CVE-2021-42779 | | | 0.00 | — | 0.02 | | Apr 18, 2022 | A heap use after free issue was found in Opensc before version 0.22.0 in sc_file_valid. |
| CVE-2019-20792 | | | 0.00 | — | 0.01 | | Apr 29, 2020 | OpenSC before 0.20.0 has a double free in coolkey_free_private_data because coolkey_add_object in libopensc/card-coolkey.c lacks a uniqueness check. |
| CVE-2019-19479 | | | 0.00 | — | 0.00 | | Dec 1, 2019 | An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-setcos.c has an incorrect read operation during parsing of a SETCOS file attribute. |
| CVE-2019-19481 | | | 0.00 | — | 0.00 | | Dec 1, 2019 | An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-cac1.c mishandles buffer limits for CAC certificates. |
| CVE-2019-19480 | | | 0.00 | — | 0.01 | | Dec 1, 2019 | An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/pkcs15-prkey.c has an incorrect free operation in sc_pkcs15_decode_prkdf_entry. |
| CVE-2019-15946 | | | 0.00 | — | 0.00 | | Sep 5, 2019 | OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c. |
| CVE-2019-15945 | | | 0.00 | — | 0.00 | | Sep 5, 2019 | OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c. |
| CVE-2019-6502 | | | 0.00 | — | 0.02 | | Jan 22, 2019 | sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from eidenv. |
| CVE-2010-4523 | | | 0.00 | — | 0.01 | | Jan 7, 2011 | Multiple stack-based buffer overflows in libopensc in OpenSC 0.11.13 and earlier allow physically proximate attackers to execute arbitrary code via a long serial-number field on a smart card, related to (1) card-acos5.c, (2) card-atrust-acos.c, and (3) card-starcos.c. |
| CVE-2008-3972 | | | 0.00 | — | 0.00 | | Sep 11, 2008 | pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to a smart card unless the card's label matches the "OpenSC" string, which might allow physically proximate attackers to exploit vulnerabilities that the card owner expected were patched, as demonstrated by… |
| CVE-2008-2235 | | | 0.00 | — | 0.00 | | Aug 1, 2008 | OpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN. |
Page 2 of 2