Description
OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow write in GET RESPONSE. The attack requires crafted USB device or smart card that would present the system with specially crafted responses to the APDUs. This issue has been patched in version 0.27.0.
Published: 2026-03-30
Score: 3.8 Low
EPSS: n/a
KEV: No
Impact: stack buffer overflow memory corruption
Action: Patch
AI Analysis

Impact

A stack buffer overflow occurs during the GET RESPONSE phase in OpenSC when a crafted USB device or smart card sends specially formed responses. The overflow could overwrite data on the stack, potentially leading to arbitrary code execution or system instability. The weakness is identified as CWE-121.

Affected Systems

The issue affects the OpenSC open source smart card tools and middleware. Any installation running OpenSC prior to version 0.27.0 is vulnerable.

Risk and Exploitability

The CVSS score of 3.8 indicates low overall severity. Exploitation requires physical access to the target computer and an attacker’s ability to present a malicious card or USB device, raising the attack surface but limiting remote exploitability. EPSS data is not available and the vulnerability is not listed in the KEV catalog.

Generated by OpenCVE AI on March 30, 2026 at 18:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenSC to version 0.27.0 or later.

Generated by OpenCVE AI on March 30, 2026 at 18:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 31 Mar 2026 03:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-120
References
Metrics threat_severity

None

 threat_severity

Low

Mon, 30 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 30 Mar 2026 17:30:00 +0000

Type Values Removed Values Added
Description OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow write in GET RESPONSE. The attack requires crafted USB device or smart card that would present the system with specially crafted responses to the APDUs. This issue has been patched in version 0.27.0.
Title OpenSC: Stack-buffer-overflow WRITE in GET RESPONSE
Weaknesses CWE-121
References
Metrics cvssV3_1

{'score': 3.8, 'vector': 'CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-30T18:38:21.684Z

Reserved: 2025-05-29T16:34:07.176Z

Link: CVE-2025-49010

cve-icon Vulnrichment

Updated: 2026-03-30T18:38:18.555Z

cve-icon NVD

Status : Received

Published: 2026-03-30T18:16:16.950

Modified: 2026-03-30T18:16:16.950

Link: CVE-2025-49010

cve-icon Redhat

Severity : Low

Publid Date: 2026-03-30T16:59:25Z

Links: CVE-2025-49010 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-03-30T20:55:28Z

Weaknesses