OpenSC is an open-source suite of tools and libraries for interacting with smart cards and PKCS#15 token formats. It is widely used in Linux distributions for authentication, code signing, and other security services. A notable security issue discussed on WindowsForum is CVE-2023-2977, an ASN.1 parsing bug in the pkcs15-cardos codepath that can cause a heap-based out-of-bounds read. This vulnerability has prompted security updates from multiple Linux distributors and source-level fixes in downstream package trees. The tag covers discussions about OpenSC vulnerabilities, patches, and related smart card security topics.
-
CVE-2026-10275 is a disclosed OpenSC vulnerability affecting pkcs11-tool in versions up to 0.26.1, where the test_kpgen_certwrite function in src/tools/pkcs11-tool.c can overflow a fixed-size buffer during PKCS#11 key-generation testing when handed an oversized CKA_ID value. The bug is not...
-
OpenSC contains a subtle ASN.1-parsing bug that was assigned CVE-2023-2977 and can cause a heap-based out-of-bounds read in the pkcs15-cardos codepath — a defect that has led multiple Linux distributors to ship security updates and prompted source-level fixes in downstream package trees...