Total
36 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-20792 | 1 Opensc Project | 1 Opensc | 2020-05-26 | 4.6 MEDIUM | 6.8 MEDIUM |
| OpenSC before 0.20.0 has a double free in coolkey_free_private_data because coolkey_add_object in libopensc/card-coolkey.c lacks a uniqueness check. | |||||
| CVE-2013-1866 | 2 Apple, Opensc Project | 2 Mac Os X, Opensc | 2020-02-03 | 6.3 MEDIUM | 6.1 MEDIUM |
| OpenSC OpenSC.tokend has an Arbitrary File Creation/Overwrite Vulnerability | |||||
| CVE-2018-16426 | 1 Opensc Project | 1 Opensc | 2019-10-03 | 2.1 LOW | 4.3 MEDIUM |
| Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or crash the opensc library using programs. | |||||
| CVE-2019-16058 | 1 Opensc Project | 1 Opensc | 2019-09-12 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the pam_p11 component 0.2.0 and 0.3.0 for OpenSC. If a smart card creates a signature with a length longer than 256 bytes, this triggers a buffer overflow. This may be the case for RSA keys with 4096 bits depending on the signature scheme. | |||||
| CVE-2018-16425 | 1 Opensc Project | 1 Opensc | 2019-09-11 | 4.6 MEDIUM | 6.6 MEDIUM |
| A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. | |||||
| CVE-2018-16424 | 1 Opensc Project | 1 Opensc | 2019-09-11 | 4.6 MEDIUM | 6.6 MEDIUM |
| A double free when handling responses in read_file in tools/egk-tool.c (aka the eGK card tool) in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. | |||||
| CVE-2018-16427 | 1 Opensc Project | 1 Opensc | 2019-08-06 | 2.1 LOW | 4.3 MEDIUM |
| Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs. | |||||
| CVE-2018-16423 | 1 Opensc Project | 1 Opensc | 2019-08-06 | 4.6 MEDIUM | 6.6 MEDIUM |
| A double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. | |||||
| CVE-2018-16422 | 1 Opensc Project | 1 Opensc | 2019-08-06 | 4.6 MEDIUM | 6.6 MEDIUM |
| A single byte buffer overflow when handling responses from an esteid Card in sc_pkcs15emu_esteid_init in libopensc/pkcs15-esteid.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. | |||||
| CVE-2018-16421 | 1 Opensc Project | 1 Opensc | 2019-08-06 | 4.6 MEDIUM | 6.6 MEDIUM |
| Several buffer overflows when handling responses from a CAC Card in cac_get_serial_nr_from_CUID in libopensc/card-cac.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. | |||||
| CVE-2018-16420 | 1 Opensc Project | 1 Opensc | 2019-08-06 | 4.6 MEDIUM | 6.6 MEDIUM |
| Several buffer overflows when handling responses from an ePass 2003 Card in decrypt_response in libopensc/card-epass2003.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. | |||||
| CVE-2018-16419 | 1 Opensc Project | 1 Opensc | 2019-08-06 | 4.6 MEDIUM | 6.6 MEDIUM |
| Several buffer overflows when handling responses from a Cryptoflex card in read_public_key in tools/cryptoflex-tool.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. | |||||
| CVE-2018-16418 | 1 Opensc Project | 1 Opensc | 2019-08-06 | 4.6 MEDIUM | 6.6 MEDIUM |
| A buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. | |||||
| CVE-2018-16393 | 1 Opensc Project | 1 Opensc | 2019-08-06 | 4.6 MEDIUM | 6.8 MEDIUM |
| Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. | |||||
| CVE-2018-16392 | 1 Opensc Project | 1 Opensc | 2019-08-06 | 4.6 MEDIUM | 6.8 MEDIUM |
| Several buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. | |||||
| CVE-2018-16391 | 1 Opensc Project | 1 Opensc | 2019-08-06 | 4.6 MEDIUM | 6.8 MEDIUM |
| Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. | |||||