OpenSC
Moderate fix1 remedy
cpe:2.3:a:opensc_project:opensc:*:*:*:*:*:*:*
Moderate fix1 remedy
- <= 0.26.1
OpenSC Stack-Buffer-Overflow Vulnerability in Oberthur Card Driver
Vulnerability
Patched
A stack-buffer-overflow vulnerability has been identified in the OpenSC smart card tools and middleware, specifically within the card-oberthur driver, prior to version 0.27.0. This vulnerability allows an attacker with physical access to the computer to cause a write overflow by using a crafted USB device or smart card that delivers specially tailored responses to the APDUs. The issue has been patched in version 0.27.0.
Impact
Exploitation of this vulnerability could lead to a stack-buffer-overflow write, allowing for potential crashes, data corruption, or unexpected behavior in applications using OpenSC.
Reproduction
The vulnerability can be reproduced by using a crafted USB device or smart card that responds to APDU commands in a way that exceeds the expected data length. This can be done by manipulating the APDU responses to include more data than the driver can safely handle, causing a buffer overflow on the stack.
Remediation
Users can upgrade to OpenSC version 0.27.0 or later to address this vulnerability.
Added: Mar 30, 2026, 6:38 PM
Updated: Mar 30, 2026, 6:38 PM
Vulnerability Rating
Custom Algorithm
spread
5.4impact
3.1exploitability
3.9remediation
7.7relevance
4.9threat
4.8urgency
2.9incentive
0.0Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.