OpenSC Stack Buffer Overflow Vulnerability in PIV History Processing

Vulnerability

A stack buffer overflow vulnerability has been identified in OpenSC versions prior to 0.27.0-rc1. The issue, located in the 'piv_process_history()' function within 'src/libopensc/card-piv.c', allows physically present attackers to cause memory corruption. This is achieved by presenting a crafted PIV smart card or USB device that returns a URL field longer than 118 bytes in the Key History Object ASN.1 response.
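The bounds check this class of bug calls for, as an added illustration that is not OpenSC's code or its actual fix: a minimal TLV walk that rejects a URL field longer than 118 bytes instead of copying it into a fixed-size buffer. The function names, the 119-byte destination buffer, and the 0xF3 tag (assumed here to be the off-card certificate URL tag from NIST SP 800-73) are assumptions of this example, and the sample response is constructed.

```c
#include <string.h>
#define URL_TAG 0xF3 /* assumed: off-card certificate URL tag (SP 800-73) */
#define URL_MAX 118  /* longest URL length the advisory describes as safe */

/* Decode a BER length (short form, 0x81, 0x82). Returns bytes consumed, 0 on error. */
static size_t ber_len(const unsigned char *p, size_t avail, size_t *len)
{
    if (avail < 1) return 0;
    if (p[0] < 0x80) { *len = p[0]; return 1; }
    if (p[0] == 0x81 && avail >= 2) { *len = p[1]; return 2; }
    if (p[0] == 0x82 && avail >= 3) { *len = ((size_t)p[1] << 8) | p[2]; return 3; }
    return 0;
}

/* Hypothetical helper. Returns URL length, -1 malformed, -2 no URL, -3 URL too long. */
int history_get_url(const unsigned char *buf, size_t buflen, char *out, size_t out_sz)
{
    size_t off = 0;
    while (off < buflen) {
        unsigned char tag = buf[off++];
        size_t len = 0, n = ber_len(buf + off, buflen - off, &len);
        if (n == 0) return -1;
        off += n;
        if (len > buflen - off) return -1;      /* value runs past the response */
        if (tag == URL_TAG) {
            if (len > URL_MAX || len >= out_sz) /* card-supplied length is untrusted */
                return -3;                      /* reject rather than copy or truncate */
            memcpy(out, buf + off, len);
            out[len] = '\0';
            return (int)len;
        }
        off += len;
    }
    return -2;
}

/* Build a constructed response (C1 01 00, C2 01 01, F3 <url>) and parse it. */
int demo_url_len(size_t url_len)
{
    unsigned char resp[512] = { 0xC1, 0x01, 0x00, 0xC2, 0x01, 0x01, URL_TAG };
    char url[URL_MAX + 1];
    size_t off = 7;
    if (url_len > 400) return -1;
    if (url_len < 0x80) resp[off++] = (unsigned char)url_len;
    else if (url_len < 0x100) { resp[off++] = 0x81; resp[off++] = (unsigned char)url_len; }
    else { resp[off++] = 0x82; resp[off++] = (unsigned char)(url_len >> 8); resp[off++] = (unsigned char)url_len; }
    memset(resp + off, 'a', url_len);
    return history_get_url(resp, off + url_len, url, sizeof url);
}
int main(void) { return demo_url_len(119) == -3 ? 0 : 1; }
```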

Impact

Exploiting this vulnerability corrupts memory, which can potentially lead to arbitrary code execution.

Remediation

Users can upgrade to OpenSC version 0.27.0-rc1 or later to address this vulnerability.

Added: May 29, 2026, 2:37 PM
Updated: May 29, 2026, 2:37 PM

Vulnerability Rating

Custom Algorithm

spread: 5.4
impact: 0.6
exploitability: 4.0
remediation: 7.7
relevance: 9.7
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.