| Title | OpenSC OpenSC 0.26.1 and earlier Buffer Overflow |
|---|
| Description | Vulnerability Basic Information
● Vulnerability Name: OpenSC pkcs11-tool Key Generation Module Input Validation Flaw Leading to Global Buffer Overflow
● Vulnerability Type: Buffer Overflow (CWE-120 / CWE-787)
● Affected Component: OpenSC (especially the pkcs11-tool tool)
● Affected Versions: OpenSC 0.26.1 and earlier
● Severity: Medium / High (depending on execution context)
● Attack Vector: Local / Physical
● Prerequisites: The attacker must craft a malicious PKCS#11 module to be loaded by the victim, or provide a malicious physical smart card device with customized firmware, and induce the victim to interact with it via pkcs11-tool, thereby triggering the test_kpgen_certwrite logic. |
|---|
| Source | https://github.com/OpenSC/OpenSC/issues/3682 |
|---|
| User | Fantasy (UID 69897) |
|---|
| Submission | 11/05/2026 10:08 AM (30 days ago) |
|---|
| Moderation | 31/05/2026 06:00 PM (20 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 367568 [OpenSC up to 0.26.1 pkcs11-tool Key Generation src/tools/pkcs11-tool.c test_kpgen_certwrite buffer overflow] |
|---|
| Points | 20 |
|---|