Search
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-34193 | 1 Opensc Project | 1 Opensc | 2023-08-28 | N/A | 7.5 HIGH |
| Stack overflow vulnerability in OpenSC smart card middleware before 0.23 via crafted responses to APDUs. | |||||
| CVE-2023-2977 | 2 Opensc Project, Redhat | 2 Opensc, Enterprise Linux | 2023-08-17 | N/A | 7.1 HIGH |
| A vulnerbility was found in OpenSC. This security flaw cause a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The attacker can supply a smart card package with malformed ASN1 context. The cardos_have_verifyrc_package function scans the ASN1 buffer for 2 tags, where remaining length is wrongly caculated due to moved starting pointer. This leads to possible heap-based buffer oob read. In cases where ASAN is enabled while compiling this causes a crash. Further info leak or more damage is possible. | |||||
| CVE-2019-6502 | 1 Opensc Project | 1 Opensc | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from eidenv. | |||||
| CVE-2019-16058 | 1 Opensc Project | 1 Opensc | 2019-09-12 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the pam_p11 component 0.2.0 and 0.3.0 for OpenSC. If a smart card creates a signature with a length longer than 256 bytes, this triggers a buffer overflow. This may be the case for RSA keys with 4096 bits depending on the signature scheme. | |||||