Description
OpenSC before 0.27.0-rc1, fixed in commit 3f24f0b, contains a stack buffer overflow vulnerability in piv_process_history() in src/libopensc/card-piv.c that allows physically present attackers to trigger memory corruption by presenting a crafted PIV smart card or USB device returning a URL field longer than 118 bytes in the Key History Object ASN.1 response.
Published: 2026-05-29
Score: 1 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a stack buffer overflow (CWE‑120) in the piv_process_history() function of src/libopensc/card-piv.c in OpenSC prior to version 0.27.0‑rc1. A crafted PIV smart card or USB device can return a URL field longer than 118 bytes in the Key History Object ASN.1 response, causing overflow and memory corruption. This can lead to arbitrary code execution or disruption of the hosting process when the affected code is exercised.

Affected Systems

Any installation of OpenSC before version 0.27.0‑rc1 is affected. The vendor, OpenSC, provides the product OpenSC. No specific sub‑products are listed beyond the core library; therefore, all derived tools that invoke the vulnerable function are potentially impacted. Versions later than 0.27.0‑rc1 are not vulnerable.

Risk and Exploitability

The CVSS score is 1.0 and the EPSS score is < 1%, indicating low severity and a low likelihood of exploitation under current data. The issue requires physical proximity to the card or USB device, so the attack vector is local. Investigation of the commit history shows that the flaw has been patched without any reported active exploitation. Since the vulnerability appears in an environment that may be isolated, the overall risk to public‑facing services is low, but local attackers or those with physical access to the system can trigger memory corruption.

Generated by OpenCVE AI on June 18, 2026 at 18:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenSC to version 0.27.0‑rc1 or newer, or apply the patch from commit 3f24f0b.
  • Disable or restrict use of PIV card functions until the software is updated, to prevent triggering the vulnerable code.
  • If unable to update immediately, isolate the smart‑card reader or block the device from the system to prevent interaction with the vulnerable code.

Generated by OpenCVE AI on June 18, 2026 at 18:55 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 18 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-120
References
Metrics threat_severity

None

 threat_severity

Moderate

Wed, 03 Jun 2026 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Opensc Project
Opensc Project opensc
CPEs cpe:2.3:a:opensc_project:opensc:*:*:*:*:*:*:*:*
Vendors & Products Opensc Project
Opensc Project opensc

Mon, 01 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 29 May 2026 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Opensc
Opensc opensc
Vendors & Products Opensc
Opensc opensc

Fri, 29 May 2026 13:45:00 +0000

Type Values Removed Values Added
Description OpenSC before 0.27.0-rc1, fixed in commit 3f24f0b, contains a stack buffer overflow vulnerability in piv_process_history() in src/libopensc/card-piv.c that allows physically present attackers to trigger memory corruption by presenting a crafted PIV smart card or USB device returning a URL field longer than 118 bytes in the Key History Object ASN.1 response.
Title OpenSC < 0.27.0-rc1 Stack Buffer Overflow via piv_process_history() in card-piv.c
Weaknesses CWE-121
References
Metrics cvssV3_1

{'score': 3.8, 'vector': 'CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L'}

cvssV4_0

{'score': 1, 'vector': 'CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N'}

Subscriptions

Opensc Opensc
Opensc Project Opensc
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-01T13:37:24.127Z

Reserved: 2026-04-13T20:29:02.809Z

Link: CVE-2026-40510

cve-icon Vulnrichment

Updated: 2026-06-01T13:37:09.966Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-29T14:16:26.540

Modified: 2026-06-03T14:30:15.123

Link: CVE-2026-40510

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-05-29T13:26:40Z

Links: CVE-2026-40510 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T19:00:11Z

Weaknesses
  • CWE-120

    Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

  • CWE-121

    Stack-based Buffer Overflow