TROYANOSYVIRUS
Volver a CVEs

CVE-2025-66038

LOW
3.9

Descripcion

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, sc_compacttlv_find_tag searches a compact-TLV buffer for a given tag. In compact-TLV, a single byte encodes the tag (high nibble) and value length (low nibble). With a 1-byte buffer {0x0A}, the encoded element claims tag=0 and length=10 but no value bytes follow. Calling sc_compacttlv_find_tag with search tag 0x00 returns a pointer equal to buf+1 and outlen=10 without verifying that the claimed value length fits within the remaining buffer. In cases where the sc_compacttlv_find_tag is provided untrusted data (such as being read from cards/files), attackers may be able to influence it to return out-of-bounds pointers leading to downstream memory corruption when subsequent code tries to dereference the pointer. This issue has been patched in version 0.27.0.

Detalles CVE

Puntuacion CVSS v3.13.9
SeveridadLOW
Vector CVSSCVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Vector de ataquePHYSICAL
ComplejidadHIGH
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado3/30/2026
Ultima modificacion4/1/2026
Fuentenvd
Avistamientos honeypot0

Productos afectados

opensc_project:opensc

Debilidades (CWE)

CWE-126

Referencias

https://github.com/OpenSC/OpenSC/commit/6db171bcb6fd7cb3b51098fefbb3b28e44f0a79c(security-advisories@github.com)
https://github.com/OpenSC/OpenSC/security/advisories/GHSA-72x5-fwjx-2459(security-advisories@github.com)
https://github.com/OpenSC/OpenSC/wiki/CVE-2025-66038(security-advisories@github.com)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.