Vulnerabilities > Opensc Project

DATE CVE VULNERABILITY TITLE RISK
2024-01-31 CVE-2023-5992 Information Exposure Through Discrepancy vulnerability in multiple products
A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant.
network
high complexity
opensc-project redhat CWE-203
5.9
5.9
2023-11-06 CVE-2023-40660 Improper Authentication vulnerability in multiple products
A flaw was found in OpenSC packages that allow a potential PIN bypass.
low complexity
opensc-project redhat CWE-287
6.6
6.6
2023-11-06 CVE-2023-40661 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards.
low complexity
opensc-project redhat CWE-119
6.4
6.4
2023-11-06 CVE-2023-4535 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. 		3.8
3.8
2023-08-22 CVE-2021-34193 Out-of-bounds Write vulnerability in Opensc Project Opensc
Stack overflow vulnerability in OpenSC smart card middleware before 0.23 via crafted responses to APDUs.
network
low complexity
opensc-project CWE-787
7.5
7.5
2023-06-01 CVE-2023-2977 Out-of-bounds Read vulnerability in multiple products
A vulnerbility was found in OpenSC.
local
low complexity
opensc-project redhat CWE-125
7.1
7.1
2022-04-18 CVE-2021-42778 Double Free vulnerability in multiple products
A heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo.
network
low complexity
opensc-project fedoraproject redhat CWE-415
5.3
5.3
2022-04-18 CVE-2021-42779 Use After Free vulnerability in multiple products
A heap use after free issue was found in Opensc before version 0.22.0 in sc_file_valid.
network
low complexity
opensc-project fedoraproject redhat CWE-416
5.3
5.3
2022-04-18 CVE-2021-42780 Unchecked Return Value vulnerability in multiple products
A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library.
network
low complexity
opensc-project fedoraproject redhat CWE-252
5.3
5.3
2022-04-18 CVE-2021-42781 Out-of-bounds Write vulnerability in multiple products
Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library.
network
low complexity
opensc-project fedoraproject redhat CWE-787
5.3
5.3