VYPR

libopensc

by OpenSC Project

CVEs (15)

  • CVE-2019-6502 (High, Jan 22, 2019)
    risk 0.49, cvss 7.5, epss 0.02

    sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from eidenv.

  • CVE-2023-40660 (Medium, Nov 6, 2023)
    risk 0.43, cvss 6.6, epss 0.01

    A flaw was found in OpenSC packages that allows a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length PIN is passed. This issue poses a security risk, particularly for OS…

  • CVE-2025-13763 (Medium, Apr 23, 2026)
    risk 0.37, cvss 5.7, epss 0.00

    Multiple uses of uninitialized variables were found in libopensc that may lead to information disclosure or application crash. An attack requires a crafted USB device or smart card that would present the system with specially crafted responses to the APDUs

  • CVE-2023-40661 (Medium, Nov 6, 2023)
    risk 0.35, cvss 5.4, epss 0.01

    Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage of these flaws, an attacker must have physical access to the computer system and…

  • CVE-2024-45619 (Medium, Sep 3, 2024)
    risk 0.28, cvss 4.3, epss 0.00

    A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized…

  • CVE-2026-10275 (Medium, Jun 1, 2026)
    risk 0.26, cvss 5.0, epss 0.00

    A flaw has been found in OpenSC up to 0.26.1. This affects the function test_kpgen_certwrite of the file src/tools/pkcs11-tool.c of the component pkcs11-tool Key Generation Module. This manipulation causes a buffer overflow. The attack can be carried out remotely. The…

  • CVE-2024-45620 (Low, Sep 3, 2024)
    risk 0.25, cvss 3.9, epss 0.00

    A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be…

  • CVE-2024-45618 (Low, Sep 3, 2024)
    risk 0.25, cvss 3.9, epss 0.00

    A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with…

  • CVE-2024-45617 (Low, Sep 3, 2024)
    risk 0.25, cvss 3.9, epss 0.00

    A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of…

  • CVE-2024-45616 (Low, Sep 3, 2024)
    risk 0.25, cvss 3.9, epss 0.00

    A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. The following problems were caused by insufficient…

  • CVE-2024-45615 (Low, Sep 3, 2024)
    risk 0.25, cvss 3.9, epss 0.00

    A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. The problem is missing initialization of variables expected to be initialized (as arguments to other functions, etc.).

  • CVE-2024-8443 (Low, Sep 10, 2024)
    risk 0.19, cvss 2.9, epss 0.00

    A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the `pkcs15-init` tool may lead to out-of-bounds writes, possibly resulting in…

  • CVE-2026-40528 (Low, May 29, 2026)
    risk 0.18, cvss 3.8, epss 0.00

    OpenSC before 0.27.0, fixed in commit 0358817, contains a stack and heap buffer overrun vulnerability in the do_key_value() function in src/pkcs15init/profile.c that allows attackers to corrupt memory by supplying a crafted profile configuration file. During pkcs15-init…

  • CVE-2026-40510 (Low, May 29, 2026)
    risk 0.18, cvss 3.8, epss 0.00

    OpenSC before 0.27.0-rc1, fixed in commit 3f24f0b, contains a stack buffer overflow vulnerability in piv_process_history() in src/libopensc/card-piv.c that allows physically present attackers to trigger memory corruption by presenting a crafted PIV smart card or USB device…

  • CVE-2024-1454 (Low, Feb 12, 2024)
    risk 0.00, cvss 3.4, epss 0.00

    The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occurring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a…