threat
engine
.sh
Back
·
··:··
Home
/
Product
/
opensc project opensc
Product
opensc project opensc
53 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2025-66215
< 0.27.0
OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the compute
3.8
LOW
CVE-2025-66038
< 0.27.0
OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, sc_compacttlv_find_tag searches a compact-TLV b
3.9
LOW
CVE-2025-66037
< 0.27.0
OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, feeding a crafted input to the fuzz_pkcs15_read
3.9
LOW
CVE-2025-49010
< 0.27.0
OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the compute
3.8
LOW
CVE-2024-8443
all versions
A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with mali
2.9
LOW
CVE-2024-45620
< 0.26.0
A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would
3.9
LOW
CVE-2024-45619
< 0.26.0
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device
4.3
MEDIUM
CVE-2024-45618
< 0.26.0
A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present
3.9
LOW
CVE-2024-45617
< 0.26.0
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device
3.9
LOW
CVE-2024-45616
< 0.26.0
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device
3.9
LOW
CVE-2024-45615
< 0.26.0
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. The problem is missing initialization of
3.9
LOW
CVE-2024-1454
< 0.25.0
The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process usin
3.4
LOW
CVE-2023-5992
< 0.25.0
A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant. This iss
5.6
MEDIUM
CVE-2023-4535
all versions
An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. E
4.5
MEDIUM
CVE-2023-40661
<= 0.23.0
Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs1
5.4
MEDIUM
CVE-2023-40660
<= 0.23.0
A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can p
6.6
MEDIUM
CVE-2021-34193
< 0.22.0
Stack overflow vulnerability in OpenSC smart card middleware before 0.23 via crafted responses to APDUs.
7.5
HIGH
CVE-2023-2977
all versions
A vulnerbility was found in OpenSC. This security flaw cause a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package
7.1
HIGH
CVE-2021-42782
< 0.22.0
Stack buffer overflow issues were found in Opensc before version 0.22.0 in various places that could potentially crash programs us
5.3
MEDIUM
CVE-2021-42781
< 0.22.0
Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs
5.3
MEDIUM
CVE-2021-42780
< 0.22.0
A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs us
5.3
MEDIUM
CVE-2021-42779
< 0.22.0
A heap use after free issue was found in Opensc before version 0.22.0 in sc_file_valid.
5.3
MEDIUM
CVE-2021-42778
< 0.22.0
A heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo.
5.3
MEDIUM
CVE-2020-26572
<= 0.20.0
The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher.
5.5
MEDIUM
CVE-2020-26571
<= 0.20.0
The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGP
5.5
MEDIUM
CVE-2020-26570
<= 0.20.0
The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 has a heap-based buffer overflow in sc_oberthur_read_file.
5.5
MEDIUM
CVE-2019-20792
< 0.20.0
OpenSC before 0.20.0 has a double free in coolkey_free_private_data because coolkey_add_object in libopensc/card-coolkey.c lacks a
6.8
MEDIUM
CVE-2013-1866
< 0.13.0
OpenSC OpenSC.tokend has an Arbitrary File Creation/Overwrite Vulnerability
6.1
MEDIUM
CVE-2019-19481
all versions
An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-cac1.c mishandles buffer limits for
4.6
MEDIUM
CVE-2019-19480
<= 0.19.0
An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/pkcs15-prkey.c has an incorrect free ope
4.6
MEDIUM
CVE-2019-19479
<= 0.19.0
An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-setcos.c has an incorrect read oper
5.5
MEDIUM
CVE-2019-16058
all versions
An issue was discovered in the pam_p11 component 0.2.0 and 0.3.0 for OpenSC. If a smart card creates a signature with a length lon
7.5
HIGH
CVE-2019-15946
<= 0.19.0
OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c.
6.4
MEDIUM
CVE-2019-15945
<= 0.19.0
OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c.
6.4
MEDIUM
CVE-2019-6502
all versions
sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from eidenv.
7.5
HIGH
CVE-2018-16427
<= 0.18.0
Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted
4.3
MEDIUM
CVE-2018-16426
<= 0.18.0
Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c in OpenSC before 0
4.3
MEDIUM
CVE-2018-16425
<= 0.18.0
A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenSC before 0
6.6
MEDIUM
CVE-2018-16424
<= 0.18.0
A double free when handling responses in read_file in tools/egk-tool.c (aka the eGK card tool) in OpenSC before 0.19.0-rc1 could b
6.6
MEDIUM
CVE-2018-16423
<= 0.18.0
A double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0-rc1 could
6.6
MEDIUM
CVE-2018-16422
<= 0.18.0
A single byte buffer overflow when handling responses from an esteid Card in sc_pkcs15emu_esteid_init in libopensc/pkcs15-esteid.c
6.6
MEDIUM
CVE-2018-16421
<= 0.18.0
Several buffer overflows when handling responses from a CAC Card in cac_get_serial_nr_from_CUID in libopensc/card-cac.c in OpenSC
6.6
MEDIUM
CVE-2018-16420
<= 0.18.0
Several buffer overflows when handling responses from an ePass 2003 Card in decrypt_response in libopensc/card-epass2003.c in Open
6.6
MEDIUM
CVE-2018-16419
<= 0.18.0
Several buffer overflows when handling responses from a Cryptoflex card in read_public_key in tools/cryptoflex-tool.c in OpenSC be
6.6
MEDIUM
CVE-2018-16418
<= 0.18.0
A buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC before 0.19.0-rc1 could be used
6.6
MEDIUM
CVE-2018-16393
<= 0.18.0
Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1
6.8
MEDIUM
CVE-2018-16392
<= 0.18.0
Several buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c in OpenSC before 0.
6.8
MEDIUM
CVE-2018-16391
<= 0.18.0
Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c in OpenSC befo
6.8
MEDIUM
CVE-2010-4523
<= 0.11.13
Multiple stack-based buffer overflows in libopensc in OpenSC 0.11.13 and earlier allow physically proximate attackers to execute a
CVE-2009-1603
all versions
src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS#11 modules, generates RSA key
7.5
HIGH
CVE-2009-0368
<= 0.11.6
OpenSC before 0.11.7 allows physically proximate attackers to bypass intended PIN requirements and read private data objects via a
CVE-2008-3972
<= 0.11.5
pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to a smart card unless the card's label matches the "OpenSC" s
CVE-2008-2235
all versions
OpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB cr
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin