Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-66215

Опубликовано: 30 мар. 2026
Источник: debian
EPSS Низкий

Описание

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow WRITE in card-oberthur. The attack requires crafted USB device or smart card that would present the system with specially crafted responses to the APDUs. This issue has been patched in version 0.27.0.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
openscfixed0.27.0~rc1-1package
openscno-dsatrixiepackage
openscno-dsabookwormpackage
openscpostponedbullseyepackage

Примечания

  • https://github.com/OpenSC/OpenSC/security/advisories/GHSA-q5fc-cw56-hwp2

  • https://github.com/OpenSC/OpenSC/pull/3436

  • https://github.com/OpenSC/OpenSC/wiki/CVE-2025-66215

  • Fixed by: https://github.com/OpenSC/OpenSC/commit/a4bbf8a631537a4c0083b264095ed1cd36d307ab (0.27.0-rc1)

  • Fixed by: https://github.com/OpenSC/OpenSC/commit/56bc5e9575965461d99a274be45d71c18ab6eae0 (0.27.0-rc1)

EPSS

Процентиль: 5%
0.00018
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2025-66215

CVSS3: 3.8
ubuntu
7 дней назад

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow WRITE in card-oberthur. The attack requires crafted USB device or smart card that would present the system with specially crafted responses to the APDUs. This issue has been patched in version 0.27.0.

redhat логотип

CVE-2025-66215

CVSS3: 3.8
redhat
7 дней назад

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow WRITE in card-oberthur. The attack requires crafted USB device or smart card that would present the system with specially crafted responses to the APDUs. This issue has been patched in version 0.27.0.

nvd логотип

CVE-2025-66215

CVSS3: 3.8
nvd
7 дней назад

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow WRITE in card-oberthur. The attack requires crafted USB device or smart card that would present the system with specially crafted responses to the APDUs. This issue has been patched in version 0.27.0.

msrc логотип

CVE-2025-66215

msrc
4 дня назад

OpenSC: Stack-buffer-overflow WRITE in card-oberthur

EPSS

Процентиль: 5%
0.00018
Низкий