CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-26571 – opensc: stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init
https://notcve.org/view.php?id=CVE-2020-26571
06 Oct 2020 — The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init. El controlador de software de la tarjeta inteligente gemsafe GPK en OpenSC versiones anteriores a 0.21.0-rc1, presenta un desbordamiento en la región stack de la memoria en la función sc_pkcs15emu_gemsafeGPK_init The OpenSC set of libraries and utilities provides support for working with smart cards. OpenSC focuses on cards that support cryptographic operations and enable... • http://www.openwall.com/lists/oss-security/2020/11/24/4 • CWE-787: Out-of-bounds Write •
CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2020-26572 – opensc: stack-based buffer overflow in tcos_decipher
https://notcve.org/view.php?id=CVE-2020-26572
06 Oct 2020 — The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher. El controlador de software de la tarjeta inteligente TCOS en OpenSC versiones anteriores a 0.21.0-rc1, presenta un desbordamiento en la región stack de la memoria en la función tcos_decipher The OpenSC set of libraries and utilities provides support for working with smart cards. OpenSC focuses on cards that support cryptographic operations and enables their use for authentication, mail encrypt... • http://www.openwall.com/lists/oss-security/2020/11/24/4 • CWE-787: Out-of-bounds Write •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-20792 – opensc: Double free in coolkey_free_private_data in libopensc/card-coolkey.c
https://notcve.org/view.php?id=CVE-2019-20792
29 Apr 2020 — OpenSC before 0.20.0 has a double free in coolkey_free_private_data because coolkey_add_object in libopensc/card-coolkey.c lacks a uniqueness check. OpenSC versiones anteriores a 0.20.0, tiene una vulnerabilidad de doble liberación en la función coolkey_free_private_data porque la función coolkey_add_object en el archivo libopensc/card-coolkey.c carece de una comprobación de unicidad. A use-after-free vulnerability was discovered in OpenSC while disconnecting a smart card. This flaw allows a physical attack... • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19208 • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 6.3EPSS: 0%CPEs: 2EXPL: 0CVE-2013-1866
https://notcve.org/view.php?id=CVE-2013-1866
30 Jan 2020 — OpenSC OpenSC.tokend has an Arbitrary File Creation/Overwrite Vulnerability OpenSC OpenSC.tokend, presenta una vulnerabilidad de Creación de Archivos Arbitraria y Sobreescritura. • http://www.securityfocus.com/bid/58620 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2019-19479 – opensc: Incorrect read operation during parsing of a SETCOS file attribute
https://notcve.org/view.php?id=CVE-2019-19479
01 Dec 2019 — An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-setcos.c has an incorrect read operation during parsing of a SETCOS file attribute. Se detectó un problema en OpenSC versiones hasta 0.19.0 y versiones 0.20.x hasta 0.20.0-rc3. El archivo libopensc/card-setcos.c presenta una operación de lectura incorrecta durante el análisis de un atributo de archivo SETCOS. The OpenSC set of libraries and utilities provides support for working with smart cards. OpenSC focuses on... • http://www.openwall.com/lists/oss-security/2019/12/29/1 • CWE-125: Out-of-bounds Read •
CVSS: 4.6EPSS: 0%CPEs: 5EXPL: 1CVE-2019-19480
https://notcve.org/view.php?id=CVE-2019-19480
01 Dec 2019 — An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/pkcs15-prkey.c has an incorrect free operation in sc_pkcs15_decode_prkdf_entry. Se detectó un problema en OpenSC versiones hasta 0.19.0 y versiones 0.20.x hasta 0.20.0-rc3. El archivo libopensc/pkcs15-prkey.c presenta una operación liberada incorrecta en la función sc_pkcs15_decode_prkdf_entry. • http://www.openwall.com/lists/oss-security/2019/12/29/1 • CWE-672: Operation on a Resource after Expiration or Release •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-16058
https://notcve.org/view.php?id=CVE-2019-16058
06 Sep 2019 — An issue was discovered in the pam_p11 component 0.2.0 and 0.3.0 for OpenSC. If a smart card creates a signature with a length longer than 256 bytes, this triggers a buffer overflow. This may be the case for RSA keys with 4096 bits depending on the signature scheme. Se descubrió un problema en el componente pam_p11 versiones 0.2.0 y 0.3.0 para OpenSC. Si una tarjeta inteligente crea una firma con una longitud mayor a 256 bytes, esto desencadena un desbordamiento de búfer. • http://www.openwall.com/lists/oss-security/2019/09/12/1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 0CVE-2019-15946 – opensc: Out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c
https://notcve.org/view.php?id=CVE-2019-15946
05 Sep 2019 — OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c. OpenSC en versiones anteriores a la 0.20.0-rc1 tiene un acceso fuera de los límites de Octet string ASN.1 en asn1_decode_entry en libopensc/asn1.c. The OpenSC set of libraries and utilities provides support for working with smart cards. OpenSC focuses on cards that support cryptographic operations and enables their use for authentication, mail encryption, or digital signatures. Issues addr... • http://www.openwall.com/lists/oss-security/2019/12/29/1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 0CVE-2019-15945 – opensc: Out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c
https://notcve.org/view.php?id=CVE-2019-15945
05 Sep 2019 — OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c. OpenSC en versiones anteriores a la 0.20.0-rc1 tiene un acceso fuera de límites de una Bitstring ASN.1 en decode_bit_string en libopensc/asn1.c. The OpenSC set of libraries and utilities provides support for working with smart cards. OpenSC focuses on cards that support cryptographic operations and enables their use for authentication, mail encryption, or digital signatures. Issues addressed ... • http://www.openwall.com/lists/oss-security/2019/12/29/1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16420 – opensc: Buffer overflows handling responses from ePass 2003 Cards in card-epass2003.c:decrypt_response()
https://notcve.org/view.php?id=CVE-2018-16420
04 Sep 2018 — Several buffer overflows when handling responses from an ePass 2003 Card in decrypt_response in libopensc/card-epass2003.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. Varios desbordamientos de búfer al manejar las respuestas de una ePass 2003 Card en decrypt_response en libopensc/card-epass2003.c en OpenSC en versiones anteriores a la 0.19.0-rc1 podrían ser empleados por a... • https://access.redhat.com/errata/RHSA-2019:2154 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •