OpenSC contains a subtle ASN.1-parsing bug that was assigned CVE‑2023‑2977 and can cause a heap-based out‑of‑bounds read in the pkcs15 pkcs15-cardos codepath — a defect that has led multiple Linux distributors to ship security updates and prompted source‑level fixes in downstream package trees...
