CVE-2025-66037

Опубликовано: 30 мар. 2026

Источник: redhat

CVSS3: 3.9

Описание

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, feeding a crafted input to the fuzz_pkcs15_reader harness causes OpenSC to perform an out-of-bounds heap read in the X.509/SPKI handling path. Specifically, sc_pkcs15_pubkey_from_spki_fields() allocates a zero-length buffer and then reads one byte past the end of that allocation. This issue has been patched in version 0.27.0.

A flaw was found in OpenSC, an open-source smart card tools and middleware. An attacker could exploit this vulnerability by providing a specially crafted input. This crafted input causes an out-of-bounds heap read, where the software attempts to read data beyond its allocated memory.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 10	opensc	Fix deferred
Red Hat Enterprise Linux 7	opensc	Fix deferred
Red Hat Enterprise Linux 8	opensc	Fix deferred
Red Hat Enterprise Linux 9	opensc	Fix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-125

https://bugzilla.redhat.com/show_bug.cgi?id=2453122OpenSC: OpenSC: Out-of-bounds read via crafted input

3.9 Low

CVSS3

Связанные уязвимости

CVE-2025-66037

CVSS3: 3.9

ubuntu

6 дней назад

CVE-2025-66037

CVSS3: 3.9

nvd

6 дней назад

CVE-2025-66037

msrc

4 дня назад

OpenSC: Out of Bounds vulnerability

CVE-2025-66037

CVSS3: 3.9

debian

6 дней назад

OpenSC is an open source smart card tools and middleware. Prior to ver ...

3.9 Low

CVSS3