CVSS: 5.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

06 Oct 2020 — The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init. The OpenSC set of libraries and utilities provides support for working with smart cards. OpenSC focuses on cards that support cryptographic operations and enable... • http://www.openwall.com/lists/oss-security/2020/11/24/4 • CWE-787: Out-of-bounds Write

CVSS: 6.4 • EPSS: 0% • CPEs: 3 • EXPL: 0

06 Oct 2020 — The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher. The OpenSC set of libraries and utilities provides support for working with smart cards. OpenSC focuses on cards that support cryptographic operations and enables their use for authentication, mail encrypt... • http://www.openwall.com/lists/oss-security/2020/11/24/4 • CWE-787: Out-of-bounds Write

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

29 Apr 2020 — OpenSC before 0.20.0 has a double free in coolkey_free_private_data because coolkey_add_object in libopensc/card-coolkey.c lacks a uniqueness check. A use-after-free vulnerability was discovered in OpenSC while disconnecting a smart card. This flaw allows a physical attack... • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19208 • CWE-415: Double Free • CWE-416: Use After Free

CVSS: 6.3 • EPSS: 0% • CPEs: 2 • EXPL: 0

30 Jan 2020 — OpenSC OpenSC.tokend has an Arbitrary File Creation/Overwrite Vulnerability. • http://www.securityfocus.com/bid/58620 • CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVSS: 5.5 • EPSS: 0% • CPEs: 7 • EXPL: 0

01 Dec 2019 — An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-setcos.c has an incorrect read operation during parsing of a SETCOS file attribute. The OpenSC set of libraries and utilities provides support for working with smart cards. OpenSC focuses on... • http://www.openwall.com/lists/oss-security/2019/12/29/1 • CWE-125: Out-of-bounds Read

CVSS: 4.6 • EPSS: 0% • CPEs: 5 • EXPL: 1

01 Dec 2019 — An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/pkcs15-prkey.c has an incorrect free operation in sc_pkcs15_decode_prkdf_entry. • http://www.openwall.com/lists/oss-security/2019/12/29/1 • CWE-672: Operation on a Resource after Expiration or Release

CVSS: 6.4 • EPSS: 0% • CPEs: 4 • EXPL: 0

05 Sep 2019 — OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c. The OpenSC set of libraries and utilities provides support for working with smart cards. OpenSC focuses on cards that support cryptographic operations and enables their use for authentication, mail encryption, or digital signatures. Issues addr... • http://www.openwall.com/lists/oss-security/2019/12/29/1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 6.4 • EPSS: 0% • CPEs: 4 • EXPL: 0

05 Sep 2019 — OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c. The OpenSC set of libraries and utilities provides support for working with smart cards. OpenSC focuses on cards that support cryptographic operations and enables their use for authentication, mail encryption, or digital signatures. Issues addressed ... • http://www.openwall.com/lists/oss-security/2019/12/29/1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 6.6 • EPSS: 0% • CPEs: 1 • EXPL: 1

04 Sep 2018 — A buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. • https://access.redhat.com/errata/RHSA-2019:2154 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVSS: 6.6 • EPSS: 0% • CPEs: 1 • EXPL: 1

04 Sep 2018 — Several buffer overflows when handling responses from a Cryptoflex card in read_public_key in tools/cryptoflex-tool.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. • https://access.redhat.com/errata/RHSA-2019:2154 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')