CVE-2021-42781 CVE-2021-42782 CVE-2023-2977 CVE-2023-5992 CVE-2023-40660 CVE-2023-40661 CVE-2024-1454 CVE-2024-8443 CVE-2024-45615 CVE-2024-45616 CVE-2024-45617 CVE-2024-45618 CVE-2024-45619 CVE-2024-45620
Debian Bug : 1037021 1055521 1055522 1064189 1082853 1082859 1082860 1082861 1082862 1082863 1082864
Multiple vulnerabilities were found in opensc, a set of libraries and utilities to access smart cards, which could lead to application crash, information leak, or PIN bypass.
CVE-2021-34193
Multiple stack overflow vulnerabilities were discovered in the OpenSC
smart card middleware via crafted responses to APDUs.
CVE-2021-42778
A heap double free issue was found in sc_pkcs15_free_tokeninfo().
CVE-2021-42779
A heap use after free issue was found in sc_file_valid().
CVE-2021-42780
A use after return issue was found in the insert_pin() function,
which could potentially crash programs using the library.
CVE-2021-42781
Multiple heap buffer overflow issues were found in
pkcs15-oberthur.c, which could potentially crash programs using the
library.
CVE-2021-42782
Multiple buffer overflow issues were found in various places, which
could potentially crash programs using the library.
CVE-2023-2977
A buffer overrun vulnerability was found in pkcs15's
cardos_have_verifyrc_package(). When supplying a smart card package
with malformed ASN.1 context, an attacker can trigger a crash or
information leak via a heap-based buffer out-of-bounds read.
CVE-2023-5992
Alicja Karion discovered that the code handling the PKCS#1 v1.5
encryption padding removal was not implemented in a side-channel
resistant way, which can lead to decryption of previously captured
RSA ciphertexts and forging of signatures based on the timing data
(Marvin attack).
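An added illustration of the class of flaw behind CVE-2023-5992 (not OpenSC's code or its actual fix): a PKCS#1 v1.5 padding check that exits early, beside a branch-free version that touches every byte. The function names and the 16-byte sample blocks are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed 16-byte samples: 00 02 | nonzero PS | 00 | message. */
static const uint8_t SAMPLE_OK[16]    = {0,2, 9,9,9,9,9,9,9,9, 0, 'h','e','l','l','o'};
static const uint8_t SAMPLE_SHORT[16] = {0,2, 9,9,9,9, 0, 'h','e','l','l','o','!','!','!','!'};
static const uint8_t SAMPLE_TYPE[16]  = {0,1, 9,9,9,9,9,9,9,9, 0, 'h','e','l','l','o'};

/* Leaky "before": returns at the first bad byte, so run time depends on the plaintext. */
int unpad_leaky(const uint8_t *em, size_t k, size_t *mlen) {
    size_t i;
    if (k < 11 || em[0] != 0x00 || em[1] != 0x02) return -1;
    for (i = 2; i < k && em[i] != 0x00; i++) { }
    if (i == k || i < 10) return -1;      /* no separator, or PS shorter than 8 */
    *mlen = k - i - 1;
    return 0;
}

/* Branch-free helpers: all-ones mask when the condition holds, else 0. */
static uint32_t ct_is_zero(uint32_t x) { return 0u - ((~x & (x - 1u)) >> 31); }
static uint32_t ct_lt(uint32_t a, uint32_t b) { return 0u - ((a - b) >> 31); } /* a,b < 2^31 */

/* Hardened form: visits every byte, accumulates a mask, never exits early on data.
   Returns 0xFFFFFFFF if the padding is valid, 0 otherwise; *mlen is 0 when invalid. */
uint32_t unpad_ct(const uint8_t *em, size_t k, size_t *mlen) {
    uint32_t good, found = 0, sep = 0;
    size_t i;
    if (k < 11) { *mlen = 0; return 0; }   /* k is the public modulus length */
    good = ct_is_zero(em[0]) & ct_is_zero(em[1] ^ 0x02u);
    for (i = 2; i < k; i++) {
        uint32_t z = ct_is_zero(em[i]);
        sep |= z & ~found & (uint32_t)i;   /* record index of the first 0x00 only */
        found |= z;
    }
    good &= found & ~ct_lt(sep, 10);       /* separator present, PS >= 8 bytes */
    *mlen = good & ((uint32_t)k - 1u - sep);
    return good;
}

int main(void) {
    size_t n = 0;
    uint32_t ok = unpad_ct(SAMPLE_OK, sizeof SAMPLE_OK, &n);
    printf("valid=%u len=%zu\n", ok != 0, n);
    return 0;
}
```

This sketch covers only the padding scan; the caller's handling of the result and the copy of the message must also be independent of the secret for the timing signal to disappear.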
CVE-2023-40660
Deepanjan Pal discovered a potential PIN bypass with empty PIN....
0.21.0-1+deb11u1