Description
OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, feeding a crafted input to the fuzz_pkcs15_reader harness causes OpenSC to perform an out-of-bounds heap read in the X.509/SPKI handling path. Specifically, sc_pkcs15_pubkey_from_spki_fields() allocates a zero-length buffer and then reads one byte past the end of that allocation. This issue has been patched in version 0.27.0.
Published: 2026-03-30
Score: 3.9 Low
EPSS: n/a
KEV: No
Impact: Out-of-bounds heap memory read
Action: Assess Impact
AI Analysis

Impact

The vulnerability arises when a specially crafted input is provided to the fuzz_pkcs15_reader harness in OpenSC. The sc_pkcs15_pubkey_from_spki_fields() function allocates a zero-length buffer and then attempts to read one byte past the end of that allocation, resulting in an out-of-bounds heap read. This allows the caller to read data from an unintended memory location, potentially revealing sensitive information.

Affected Systems

Affected systems are installations of OpenSC, the open source smart‑card tools and middleware, with any version released before 0.27.0. The issue was addressed and fixed in OpenSC 0.27.0; later releases are not affected.

Risk and Exploitability

The base CVSS score is 3.9, which indicates limited impact and complexity. EPSS data is unavailable, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires an attacker to supply a crafted input to the fuzz_pkcs15_reader harness; no mention is made of additional privileges or simultaneous conditions. The low score and lack of public exploitation evidence suggest a moderate risk in environments that expose the harness to untrusted input.

Generated by OpenCVE AI on March 30, 2026 at 18:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenSC to version 0.27.0 or later.
  • If upgrade is not possible, limit the use of the fuzz_pkcs15_reader harness to trusted environments.

Generated by OpenCVE AI on March 30, 2026 at 18:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 31 Mar 2026 03:00:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

threat_severity

Low

Mon, 30 Mar 2026 17:30:00 +0000

Type Values Removed Values Added
Description OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, feeding a crafted input to the fuzz_pkcs15_reader harness causes OpenSC to perform an out-of-bounds heap read in the X.509/SPKI handling path. Specifically, sc_pkcs15_pubkey_from_spki_fields() allocates a zero-length buffer and then reads one byte past the end of that allocation. This issue has been patched in version 0.27.0.
Title OpenSC: Out of Bounds vulnerability
Weaknesses CWE-125
References
Metrics cvssV3_1

{'score': 3.9, 'vector': 'CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-30T20:14:39.203Z

Reserved: 2025-11-21T01:08:02.615Z

Link: CVE-2025-66037

cve-icon Vulnrichment

Updated: 2026-03-30T20:14:32.391Z

cve-icon NVD

Status : Received

Published: 2026-03-30T18:16:18.007

Modified: 2026-03-30T18:16:18.007

Link: CVE-2025-66037

cve-icon Redhat

Severity : Low

Publid Date: 2026-03-30T17:01:27Z

Links: CVE-2025-66037 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-03-30T20:55:26Z

Weaknesses