wid-sec-w-2026-0917 · Published 2026-03-30 · View on BSI CERT-Bund ↗

OpenSC: Multiple Vulnerabilities allow nicht spezifizierten Angriff

CVSS 3.9 LOW

Risk Summary

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow write in GET RESPONSE. The attack requires crafted USB device or smart card that would present the system with specially crafted responses to the APDUs. This issue has been patched in version 0.27.0.

CVEs (5)

CVE-2025-13763 CVE-2025-66037 CVE-2025-66038 CVE-2025-49010 CVE-2025-66215

Affected Vendors

Open Source SUSE

Affected Products (2)

Open Source · OpenSC <0.27.0

Open Source · OpenSC 0.27.0

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more