← Voltar para CVEs
CVE-2025-66215
LOW3.8
Descricao
OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow WRITE in card-oberthur. The attack requires crafted USB device or smart card that would present the system with specially crafted responses to the APDUs. This issue has been patched in version 0.27.0.
Detalhes CVE
Pontuacao CVSS v3.13.8
SeveridadeLOW
Vetor CVSSCVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
Vetor de ataquePHYSICAL
ComplexidadeHIGH
Privilegios necessariosNONE
Interacao do usuarioREQUIRED
Publicado3/30/2026
Ultima modificacao4/1/2026
Fontenvd
Avistamentos honeypot0
Produtos afetados
opensc_project:opensc
Fraquezas (CWE)
CWE-121
Referencias
https://github.com/OpenSC/OpenSC/commit/efd1d479832141bcf705c2f47655ada4d5f92f5d(security-advisories@github.com)
https://github.com/OpenSC/OpenSC/pull/3436(security-advisories@github.com)
https://github.com/OpenSC/OpenSC/security/advisories/GHSA-q5fc-cw56-hwp2(security-advisories@github.com)
https://github.com/OpenSC/OpenSC/wiki/CVE-2025-66215(security-advisories@github.com)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.