TROYANOSYVIRUS
Voltar para CVEs

CVE-2025-66038

LOW
3.9

Descricao

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, sc_compacttlv_find_tag searches a compact-TLV buffer for a given tag. In compact-TLV, a single byte encodes the tag (high nibble) and value length (low nibble). With a 1-byte buffer {0x0A}, the encoded element claims tag=0 and length=10 but no value bytes follow. Calling sc_compacttlv_find_tag with search tag 0x00 returns a pointer equal to buf+1 and outlen=10 without verifying that the claimed value length fits within the remaining buffer. In cases where the sc_compacttlv_find_tag is provided untrusted data (such as being read from cards/files), attackers may be able to influence it to return out-of-bounds pointers leading to downstream memory corruption when subsequent code tries to dereference the pointer. This issue has been patched in version 0.27.0.

Detalhes CVE

Pontuacao CVSS v3.13.9
SeveridadeLOW
Vetor CVSSCVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Vetor de ataquePHYSICAL
ComplexidadeHIGH
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado3/30/2026
Ultima modificacao4/1/2026
Fontenvd
Avistamentos honeypot0

Produtos afetados

opensc_project:opensc

Fraquezas (CWE)

CWE-126

Referencias

https://github.com/OpenSC/OpenSC/commit/6db171bcb6fd7cb3b51098fefbb3b28e44f0a79c(security-advisories@github.com)
https://github.com/OpenSC/OpenSC/security/advisories/GHSA-72x5-fwjx-2459(security-advisories@github.com)
https://github.com/OpenSC/OpenSC/wiki/CVE-2025-66038(security-advisories@github.com)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.