CVE-2025-66037

NameCVE-2025-66037
DescriptionOpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, feeding a crafted input to the fuzz_pkcs15_reader harness causes OpenSC to perform an out-of-bounds heap read in the X.509/SPKI handling path. Specifically, sc_pkcs15_pubkey_from_spki_fields() allocates a zero-length buffer and then reads one byte past the end of that allocation. This issue has been patched in version 0.27.0.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
opensc (PTS)bullseye0.21.0-1vulnerable
bullseye (security)0.21.0-1+deb11u1vulnerable
bookworm0.23.0-0.3+deb12u2vulnerable
trixie0.26.1-2vulnerable
forky, sid0.27.0~rc2-1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
openscsource(unstable)(unfixed)

Notes

https://github.com/OpenSC/OpenSC/security/advisories/GHSA-m58q-rmjm-mmfx
https://github.com/OpenSC/OpenSC/wiki/CVE-2025-66037
Fixed by: https://github.com/OpenSC/OpenSC/commit/65fc211015cfcac27b10d0876054156c97225f50 (0.27.0)
Search for package or bug name: Reporting problems