Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Opensc
(Opensc_project)| Repositories | https://github.com/OpenSC/OpenSC |
| #Vulnerabilities | 44 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-04-18 | CVE-2021-42780 | A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library. | Fedora, Opensc, Enterprise_linux | 5.3 | ||
| 2022-04-18 | CVE-2021-42781 | Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library. | Fedora, Opensc, Enterprise_linux | 5.3 | ||
| 2022-04-18 | CVE-2021-42782 | Stack buffer overflow issues were found in Opensc before version 0.22.0 in various places that could potentially crash programs using the library. | Fedora, Opensc | 5.3 | ||
| 2022-04-18 | CVE-2021-42778 | A heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo. | Fedora, Opensc, Enterprise_linux | 5.3 | ||
| 2020-04-29 | CVE-2019-20792 | OpenSC before 0.20.0 has a double free in coolkey_free_private_data because coolkey_add_object in libopensc/card-coolkey.c lacks a uniqueness check. | Opensc | N/A | ||
| 2020-01-30 | CVE-2013-1866 | OpenSC OpenSC.tokend has an Arbitrary File Creation/Overwrite Vulnerability | Opensc | N/A | ||
| 2019-09-06 | CVE-2019-16058 | An issue was discovered in the pam_p11 component 0.2.0 and 0.3.0 for OpenSC. If a smart card creates a signature with a length longer than 256 bytes, this triggers a buffer overflow. This may be the case for RSA keys with 4096 bits depending on the signature scheme. | Opensc | 7.5 | ||
| 2018-09-04 | CVE-2018-16425 | A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. | Opensc | 6.6 | ||
| 2018-09-04 | CVE-2018-16424 | A double free when handling responses in read_file in tools/egk-tool.c (aka the eGK card tool) in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. | Opensc | 6.6 | ||
| 2018-09-04 | CVE-2018-16427 | Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs. | Opensc | 4.3 |