Opensc Project: >> Opensc >> 0.3.1 Security Vulnerabilities
OpenSC OpenSC.tokend has an Arbitrary File Creation/Overwrite Vulnerability
CVSS Score
6.1
EPSS Score
0.001
Published
2020-01-30
An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-setcos.c has an incorrect read operation during parsing of a SETCOS file attribute.
CVSS Score
5.5
EPSS Score
0.0
Published
2019-12-01
An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/pkcs15-prkey.c has an incorrect free operation in sc_pkcs15_decode_prkdf_entry.
CVSS Score
4.6
EPSS Score
0.002
Published
2019-12-01
OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c.
CVSS Score
6.4
EPSS Score
0.0
Published
2019-09-05
OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c.
CVSS Score
6.4
EPSS Score
0.001
Published
2019-09-05
A double free when handling responses in read_file in tools/egk-tool.c (aka the eGK card tool) in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
CVSS Score
6.6
EPSS Score
0.002
Published
2018-09-04
A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
CVSS Score
6.6
EPSS Score
0.002
Published
2018-09-04
Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or crash the opensc library using programs.
CVSS Score
4.3
EPSS Score
0.002
Published
2018-09-04
Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs.
CVSS Score
4.3
EPSS Score
0.002
Published
2018-09-04
A buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
CVSS Score
6.6
EPSS Score
0.002
Published
2018-09-04