Description
OpenSC before 0.27.0-rc1, fixed in commit 3f24f0b, contains a stack buffer overflow vulnerability in piv_process_history() in src/libopensc/card-piv.c that allows physically present attackers to trigger memory corruption by presenting a crafted PIV smart card or USB device returning a URL field longer than 118 bytes in the Key History Object ASN.1 response.
Published: 2026-05-29
Score: 1 Low
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a stack buffer overflow in the piv_process_history() function of src/libopensc/card-piv.c in OpenSC prior to version 0.27.0‑rc1. A crafted PIV smart card or USB device can return a URL field longer than 118 bytes in the Key History Object ASN.1 response, causing overflow and memory corruption. This can lead to arbitrary code execution or disruption of the hosting process when the affected code is exercised.

Affected Systems

Any installation of OpenSC before version 0.27.0‑rc1 is affected. The vendor, OpenSC, provides the product OpenSC. No specific sub‑products are listed beyond the core library; therefore, all derived tools that invoke the vulnerable function are potentially impacted. Versions later than 0.27.0‑rc1 are not vulnerable.

Risk and Exploitability

The CVSS score is 1.0 and the EPSS score is not available, indicating low severity and a low likelihood of exploitation under current data. The issue requires physical proximity to the card or USB device, so the attack vector is local. Investigation of the commit history shows that the flaw has been patched without any reported active exploitation. Since the vulnerability appears in an environment that may be isolated, the overall risk to public‑facing services is low, but local attackers or those with physical access to the system can trigger memory corruption.

Generated by OpenCVE AI on May 29, 2026 at 14:46 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenSC to version 0.27.0‑rc1 or newer, or apply the patch from commit 3f24f0b.
  • Disable or restrict use of PIV card functions until the software is updated, to prevent triggering the vulnerable code.
  • If unable to update immediately, isolate the smart‑card reader or block the device from the system to prevent interaction with the vulnerable code.

Generated by OpenCVE AI on May 29, 2026 at 14:46 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 29 May 2026 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Opensc
Opensc opensc
Vendors & Products Opensc
Opensc opensc

Fri, 29 May 2026 13:45:00 +0000

Type Values Removed Values Added
Description OpenSC before 0.27.0-rc1, fixed in commit 3f24f0b, contains a stack buffer overflow vulnerability in piv_process_history() in src/libopensc/card-piv.c that allows physically present attackers to trigger memory corruption by presenting a crafted PIV smart card or USB device returning a URL field longer than 118 bytes in the Key History Object ASN.1 response.
Title OpenSC < 0.27.0-rc1 Stack Buffer Overflow via piv_process_history() in card-piv.c
Weaknesses CWE-121
References
Metrics cvssV3_1

{'score': 3.8, 'vector': 'CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L'}

cvssV4_0

{'score': 1, 'vector': 'CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N'}

Subscriptions

Opensc Opensc
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-29T13:39:29.643Z

Reserved: 2026-04-13T20:29:02.809Z

Link: CVE-2026-40510

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-29T14:16:26.540

Modified: 2026-05-29T15:42:56.873

Link: CVE-2026-40510

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-29T15:15:46Z

Weaknesses