Description
OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, feeding a crafted input to the fuzz_pkcs15_reader harness causes OpenSC to perform an out-of-bounds heap read in the X.509/SPKI handling path. Specifically, sc_pkcs15_pubkey_from_spki_fields() allocates a zero-length buffer and then reads one byte past the end of that allocation. This issue has been patched in version 0.27.0.
Published: 2026-03-30
Score: 3.9 Low
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Apply Patch
AI Analysis

Impact

OpenSC, a widely used library for smart card interactions, contains an out‑of‑bounds heap read in its PKCS#15 reader. The flaw arises when the function that reads an X.509/SPKI field allocates a zero‑length buffer and then reads one byte beyond it. When an attacker supplies a crafted input to the fuzz_pkcs15_reader harness, the program may leak data from memory, leading to potential disclosure of sensitive information. This vulnerability is a classic buffer overread, classified as CWE‑125.

Affected Systems

The affected vendor is the OpenSC project, offering the OpenSC smart‑card middleware and utilities. All versions prior to 0.27.0 are susceptible; the patch was delivered in release 0.27.0. Systems running an older build of the OpenSC libraries or tools that invoke the fuzz_pkcs15_reader component are at risk.

Risk and Exploitability

CVSS base score of 3.9 indicates low severity, and the EPSS score, below 1 %, suggests a low probability of exploitation in the wild. The vulnerability is not listed in CISA’s KEV catalog, further implying limited known exploitation. Exploitation requires supplying a deliberate input to a specific harness function, likely in a controlled environment or testing framework. Because the overread is confined to an internal buffer and does not trigger a crash or remote code execution, the immediate risk to operational systems is modest. Nonetheless, any untrusted data fed into the PKCS#15 reader should be considered a potential attack vector.

Generated by OpenCVE AI on April 2, 2026 at 02:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update OpenSC to version 0.27.0 or later.
  • Confirm the installation by checking the version number on the command line.
  • Restart any services that depend on OpenSC and monitor for abnormal logs.

Generated by OpenCVE AI on April 2, 2026 at 02:35 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 03 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Opensc
Opensc opensc
Vendors & Products Opensc
Opensc opensc

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
First Time appeared Opensc Project
Opensc Project opensc
CPEs cpe:2.3:a:opensc_project:opensc:*:*:*:*:*:*:*:*
Vendors & Products Opensc Project
Opensc Project opensc

Tue, 31 Mar 2026 03:00:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

threat_severity

Low

Mon, 30 Mar 2026 17:30:00 +0000

Type Values Removed Values Added
Description OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, feeding a crafted input to the fuzz_pkcs15_reader harness causes OpenSC to perform an out-of-bounds heap read in the X.509/SPKI handling path. Specifically, sc_pkcs15_pubkey_from_spki_fields() allocates a zero-length buffer and then reads one byte past the end of that allocation. This issue has been patched in version 0.27.0.
Title OpenSC: Out of Bounds vulnerability
Weaknesses CWE-125
References
Metrics cvssV3_1

{'score': 3.9, 'vector': 'CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L'}

Subscriptions

Opensc Opensc
Opensc Project Opensc
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-30T20:14:39.203Z

Reserved: 2025-11-21T01:08:02.615Z

Link: CVE-2025-66037

cve-icon Vulnrichment

Updated: 2026-03-30T20:14:32.391Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-30T18:16:18.007

Modified: 2026-04-01T17:59:35.773

Link: CVE-2025-66037

cve-icon Redhat

Severity : Low

Publid Date: 2026-03-30T17:01:27Z

Links: CVE-2025-66037 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-03T09:11:14Z

Weaknesses