Search Results (Refine Search)
- Keyword (text search): cpe:2.3:a:opensc_project:opensc:0.3.0:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2013-1866 |
OpenSC OpenSC.tokend has an Arbitrary File Creation/Overwrite Vulnerability Published: January 30, 2020; 9:15:11 AM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 6.3 MEDIUM |
CVE-2019-19480 |
An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/pkcs15-prkey.c has an incorrect free operation in sc_pkcs15_decode_prkdf_entry. Published: December 01, 2019; 6:15:10 PM -0500 |
V4.0:(not available) V3.1: 4.6 MEDIUM V2.0: 2.1 LOW |
CVE-2019-19479 |
An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-setcos.c has an incorrect read operation during parsing of a SETCOS file attribute. Published: December 01, 2019; 6:15:10 PM -0500 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2019-16058 |
An issue was discovered in the pam_p11 component 0.2.0 and 0.3.0 for OpenSC. If a smart card creates a signature with a length longer than 256 bytes, this triggers a buffer overflow. This may be the case for RSA keys with 4096 bits depending on the signature scheme. Published: September 06, 2019; 2:15:15 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2019-15946 |
OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c. Published: September 05, 2019; 1:15:12 PM -0400 |
V4.0:(not available) V3.1: 6.4 MEDIUM V2.0: 4.4 MEDIUM |
CVE-2019-15945 |
OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c. Published: September 05, 2019; 1:15:11 PM -0400 |
V4.0:(not available) V3.1: 6.4 MEDIUM V2.0: 4.4 MEDIUM |
CVE-2018-16427 |
Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs. Published: September 03, 2018; 8:29:01 PM -0400 |
V4.0:(not available) V3.0: 4.3 MEDIUM V2.0: 2.1 LOW |
CVE-2018-16426 |
Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or crash the opensc library using programs. Published: September 03, 2018; 8:29:01 PM -0400 |
V4.0:(not available) V3.0: 4.3 MEDIUM V2.0: 2.1 LOW |
CVE-2018-16425 |
A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. Published: September 03, 2018; 8:29:01 PM -0400 |
V4.0:(not available) V3.0: 6.6 MEDIUM V2.0: 4.6 MEDIUM |
CVE-2018-16424 |
A double free when handling responses in read_file in tools/egk-tool.c (aka the eGK card tool) in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. Published: September 03, 2018; 8:29:01 PM -0400 |
V4.0:(not available) V3.0: 6.6 MEDIUM V2.0: 4.6 MEDIUM |
CVE-2018-16423 |
A double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. Published: September 03, 2018; 8:29:00 PM -0400 |
V4.0:(not available) V3.0: 6.6 MEDIUM V2.0: 4.6 MEDIUM |
CVE-2018-16422 |
A single byte buffer overflow when handling responses from an esteid Card in sc_pkcs15emu_esteid_init in libopensc/pkcs15-esteid.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. Published: September 03, 2018; 8:29:00 PM -0400 |
V4.0:(not available) V3.0: 6.6 MEDIUM V2.0: 4.6 MEDIUM |
CVE-2018-16421 |
Several buffer overflows when handling responses from a CAC Card in cac_get_serial_nr_from_CUID in libopensc/card-cac.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. Published: September 03, 2018; 8:29:00 PM -0400 |
V4.0:(not available) V3.0: 6.6 MEDIUM V2.0: 4.6 MEDIUM |
CVE-2018-16420 |
Several buffer overflows when handling responses from an ePass 2003 Card in decrypt_response in libopensc/card-epass2003.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. Published: September 03, 2018; 8:29:00 PM -0400 |
V4.0:(not available) V3.0: 6.6 MEDIUM V2.0: 4.6 MEDIUM |
CVE-2018-16419 |
Several buffer overflows when handling responses from a Cryptoflex card in read_public_key in tools/cryptoflex-tool.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. Published: September 03, 2018; 8:29:00 PM -0400 |
V4.0:(not available) V3.0: 6.6 MEDIUM V2.0: 4.6 MEDIUM |
CVE-2018-16418 |
A buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. Published: September 03, 2018; 8:29:00 PM -0400 |
V4.0:(not available) V3.0: 6.6 MEDIUM V2.0: 4.6 MEDIUM |
CVE-2018-16393 |
Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. Published: September 03, 2018; 10:29:00 AM -0400 |
V4.0:(not available) V3.0: 6.8 MEDIUM V2.0: 4.6 MEDIUM |
CVE-2018-16392 |
Several buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. Published: September 03, 2018; 10:29:00 AM -0400 |
V4.0:(not available) V3.0: 6.8 MEDIUM V2.0: 4.6 MEDIUM |
CVE-2018-16391 |
Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. Published: September 03, 2018; 10:29:00 AM -0400 |
V4.0:(not available) V3.0: 6.8 MEDIUM V2.0: 4.6 MEDIUM |