Latest OpenSC Project OpenSC Vulnerabilities

OpenSC: side-channel leaks while stripping encryption PKCS#1 padding
redhat/OpenSC<0.24.0
Opensc Project Opensc<0.24.0
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
<0.24.0
and 3 more
OpenSC: out-of-bounds read in MyEID driver handling encryption using symmetric keys
redhat/OpenSC<0.24.0
Opensc Project Opensc=0.23.0
Opensc Project Opensc=0.23.0-rc1
Opensc Project Opensc=0.23.0-rc2
Fedoraproject Fedora=38
Fedoraproject Fedora=39
and 1 more
OpenSC: potential PIN bypass when card tracks its own login state
redhat/OpenSC<0.24.0
Opensc Project Opensc<=0.23.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
OpenSC: multiple memory issues with pkcs15-init (enrollment tool)
Opensc Project Opensc<=0.23.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
redhat/OpenSC<0.24.0
Stack overflow vulnerability in OpenSC smart card middleware before 0.23 via crafted responses to APDUs.
Opensc Project Opensc<0.23.0
Opensc Project Opensc<0.22.0
A vulnerability was found in OpenSC. This security flaw causes a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The attacker can supply a smart card package with malformed ASN1 con...
Opensc Project Opensc=0.23.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
Stack buffer overflow issues were found in OpenSC before version 0.22.0 in various places that could potentially crash programs using the library.
Opensc Project Opensc<0.22.0
Fedoraproject Fedora=33
redhat/opensc<0.22.0
Heap buffer overflow issues were found in OpenSC before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library.
Opensc Project Opensc<0.22.0
Fedoraproject Fedora=33
Redhat Enterprise Linux=7.0
redhat/opensc<0.22.0
A use-after-return issue was found in OpenSC before version 0.22.0 in the insert_pin function that could potentially crash programs using the library.
Opensc Project Opensc<0.22.0
Fedoraproject Fedora=33
Redhat Enterprise Linux=7.0
redhat/opensc<0.22.0
A heap use-after-free issue was found in OpenSC before version 0.22.0 in sc_file_valid.
Opensc Project Opensc<0.22.0
Fedoraproject Fedora=33
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
redhat/opensc<0.22.0
A heap double-free issue was found in OpenSC before version 0.22.0 in sc_pkcs15_free_tokeninfo.
Opensc Project Opensc<0.22.0
Fedoraproject Fedora=33
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
redhat/opensc<0.22.0
The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher.
Opensc Project Opensc<=0.20.0
Fedoraproject Fedora=33
Debian Debian Linux=9.0
The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init.
Opensc Project Opensc<=0.20.0
Debian Debian Linux=9.0
Fedoraproject Fedora=33
The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 has a heap-based buffer overflow in sc_oberthur_read_file.
Opensc Project Opensc<=0.20.0
Fedoraproject Fedora=33
Debian Debian Linux=9.0
An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-setcos.c has an incorrect read operation during parsing of a SETCOS file attribute.
Opensc Project Opensc<=0.19.0
Opensc Project Opensc=0.20.0-rc1
Opensc Project Opensc=0.20.0-rc2
Opensc Project Opensc=0.20.0-rc3
Debian Debian Linux=8.0
Debian Debian Linux=9.0
and 1 more
An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-cac1.c mishandles buffer limits for CAC certificates.
Opensc Project Opensc=0.19.0
Opensc Project Opensc=0.20.0-rc1
Opensc Project Opensc=0.20.0-rc2
Opensc Project Opensc=0.20.0-rc3
An issue was discovered in the pam_p11 component 0.2.0 and 0.3.0 for OpenSC. If a smart card creates a signature with a length longer than 256 bytes, this triggers a buffer overflow. This may be the c...
Opensc Project Opensc=0.2.0
Opensc Project Opensc=0.3.0
OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c.
Opensc Project Opensc<=0.19.0
Debian Debian Linux=8.0
Debian Debian Linux=9.0
Fedoraproject Fedora=31
OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c.
Opensc Project Opensc<=0.19.0
Debian Debian Linux=8.0
Debian Debian Linux=9.0
Fedoraproject Fedora=31
Opensc Project Opensc=0.19.0
Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards...
Opensc Project Opensc<=0.18.0
redhat/opensc<0.19.0
A double free when handling responses in read_file in tools/egk-tool.c (aka the eGK card tool) in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denia...
Opensc Project Opensc<=0.18.0
A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards...
Opensc Project Opensc<=0.18.0
Various out-of-bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash programs using the OpenSC library.
Opensc Project Opensc<=0.18.0
redhat/opensc<0.19.0
Several buffer overflows when handling responses from a CAC Card in cac_get_serial_nr_from_CUID in libopensc/card-cac.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted sm...
Opensc Project Opensc<=0.18.0
Several buffer overflows when handling responses from a Cryptoflex card in read_public_key in tools/cryptoflex-tool.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smar...
Opensc Project Opensc<=0.18.0
redhat/opensc<0.19.0
A single byte buffer overflow when handling responses from an esteid Card in sc_pkcs15emu_esteid_init in libopensc/pkcs15-esteid.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply...
Opensc Project Opensc<=0.18.0
redhat/opensc<0.19.0
A double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a den...
Opensc Project Opensc<=0.18.0
A buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of se...
Opensc Project Opensc<=0.18.0
redhat/opensc<0.19.0
Several buffer overflows when handling responses from an ePass 2003 Card in decrypt_response in libopensc/card-epass2003.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted...
Opensc Project Opensc<=0.18.0
redhat/opensc<0.19.0
Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartc...
Opensc Project Opensc<=0.18.0
Several buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards ...
Opensc Project Opensc<=0.18.0
Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supp...
redhat/opensc<0.19.0
Opensc Project Opensc<=0.18.0

© 2024 SecAlerts Pty Ltd.