Vulnerabilities > Opensc Project

DATE CVE VULNERABILITY TITLE RISK
2023-11-06 CVE-2023-40661 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards.
low complexity
opensc-project redhat CWE-119
6.4
2023-11-06 CVE-2023-4535 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption.
3.8
2023-08-22 CVE-2021-34193 Out-of-bounds Write vulnerability in Opensc Project Opensc
Stack overflow vulnerability in OpenSC smart card middleware before 0.23 via crafted responses to APDUs.
network
low complexity
opensc-project CWE-787
7.5
2023-06-01 CVE-2023-2977 Out-of-bounds Read vulnerability in multiple products
A vulnerbility was found in OpenSC.
local
low complexity
opensc-project redhat CWE-125
7.1
2022-04-18 CVE-2021-42778 Double Free vulnerability in multiple products
A heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo.
network
low complexity
opensc-project fedoraproject redhat CWE-415
5.3
2022-04-18 CVE-2021-42779 Use After Free vulnerability in multiple products
A heap use after free issue was found in Opensc before version 0.22.0 in sc_file_valid.
network
low complexity
opensc-project fedoraproject redhat CWE-416
5.3
2022-04-18 CVE-2021-42780 Unchecked Return Value vulnerability in multiple products
A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library.
network
low complexity
opensc-project fedoraproject redhat CWE-252
5.3
2022-04-18 CVE-2021-42781 Out-of-bounds Write vulnerability in multiple products
Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library.
network
low complexity
opensc-project fedoraproject redhat CWE-787
5.3
2022-04-18 CVE-2021-42782 Out-of-bounds Write vulnerability in multiple products
Stack buffer overflow issues were found in Opensc before version 0.22.0 in various places that could potentially crash programs using the library.
network
low complexity
opensc-project fedoraproject CWE-787
5.3
2020-10-06 CVE-2020-26572 Out-of-bounds Write vulnerability in multiple products
The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher.
5.5