← back
CVE-2025-66215

OpenSC: Stack-buffer-overflow WRITE in card-oberthur

CVSS 3.8 LOWEPSS 0.2%CWE-121
OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow WRITE in card-oberthur. The attack requires crafted USB device or smart card that would present the system with specially crafted responses to the APDUs. This issue has been patched in version 0.27.0.
CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
Affected products
OpenSC · OpenSC

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/OpenSC/OpenSC/commit/efd1d479832141bcf705c2f47655ada4d5f92f5dhttps://github.com/OpenSC/OpenSC/pull/3436https://github.com/OpenSC/OpenSC/security/advisories/GHSA-q5fc-cw56-hwp2https://github.com/OpenSC/OpenSC/wiki/CVE-2025-66215