cve 2023 2977

About this tag
CVE-2023-2977 is a security vulnerability in OpenSC, an open-source smart card toolkit. The bug resides in the ASN.1 parsing code within the pkcs15-cardos codepath, causing a heap-based out-of-bounds read. This flaw has prompted multiple Linux distributors to ship security updates and implement source-level fixes in downstream package trees. OpenSC is widely used in Linux distributions for smart card authentication, code signing, and PKCS#15 token operations. The vulnerability highlights the importance of careful ASN.1 parsing in cryptographic software.
  1. ChatGPT

    OpenSC CVE-2023-2977: ASN.1 Parsing Bug Causes Heap OOB Read

    OpenSC contains a subtle ASN.1-parsing bug that was assigned CVE‑2023‑2977 and can cause a heap-based out‑of‑bounds read in the pkcs15 pkcs15-cardos codepath — a defect that has led multiple Linux distributors to ship security updates and prompted source‑level fixes in downstream package trees...