Information on source package opensc

Available versions

ReleaseVersion
jessie0.14.0-2
jessie (security)0.16.0-3+deb8u1
stretch0.16.0-3+deb9u1
buster0.19.0-1
bullseye0.19.0-2
sid0.19.0-2

Open issues

BugjessiestretchbusterbullseyesidDescription
CVE-2019-15946fixedvulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableOpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet ...
CVE-2019-15945fixedvulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableOpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitst ...

Open unimportant issues

BugjessiestretchbusterbullseyesidDescription
CVE-2019-6502vulnerablevulnerablevulnerablevulnerablevulnerablesc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory ...

Resolved issues

BugDescription
CVE-2018-16427Various out of bounds reads when handling responses in OpenSC before 0 ...
CVE-2018-16426Endless recursion when handling responses from an IAS-ECC card in iase ...
CVE-2018-16425A double free when handling responses from an HSM Card in sc_pkcs15emu ...
CVE-2018-16424A double free when handling responses in read_file in tools/egk-tool.c ...
CVE-2018-16423A double free when handling responses from a smartcard in sc_file_set_ ...
CVE-2018-16422A single byte buffer overflow when handling responses from an esteid C ...
CVE-2018-16421Several buffer overflows when handling responses from a CAC Card in ca ...
CVE-2018-16420Several buffer overflows when handling responses from an ePass 2003 Ca ...
CVE-2018-16419Several buffer overflows when handling responses from a Cryptoflex car ...
CVE-2018-16418A buffer overflow when handling string concatenation in util_acl_to_st ...
CVE-2018-16393Several buffer overflows when handling responses from a Gemsafe V1 Sma ...
CVE-2018-16392Several buffer overflows when handling responses from a TCOS Card in t ...
CVE-2018-16391Several buffer overflows when handling responses from a Muscle Card in ...
CVE-2010-4523Multiple stack-based buffer overflows in libopensc in OpenSC 0.11.13 a ...
CVE-2009-1603src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used wit ...
CVE-2009-0368OpenSC before 0.11.7 allows physically proximate attackers to bypass i ...
CVE-2008-3972pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to ...
CVE-2008-2235OpenSC before 0.11.5 uses weak permissions (ADMIN file control informa ...

Security announcements

DSA / DLADescription
DLA-1916-1opensc - security update
DSA-1734-1opensc - information disclosure
DSA-1627-2opensc - smart card vulnerability

Search for package or bug name: Reporting problems