CVE-2026-40510

Name
CVE-2026-40510
Description
OpenSC before 0.27.0-rc1, fixed in commit 3f24f0b, contains a stack buffer overflow vulnerability in piv_process_history() in src/libopensc/card-piv.c that allows physically present attackers to trigger memory corruption by presenting a crafted PIV smart card or USB device returning a URL field longer than 118 bytes in the Key History Object ASN.1 response.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
disclosure@vulncheck.com https://github.com/OpenSC/OpenSC/commit/3f24f0b48a481a8cf2e46059d8238a283ddc1c13
disclosure@vulncheck.com https://github.com/OpenSC/OpenSC/pull/3558
disclosure@vulncheck.com https://www.vulncheck.com/advisories/opensc-stack-buffer-overflow-via-piv-process-history-in-card-piv-c

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:opensc_project:opensc:*:*:*:*:*:*:*:* opensc >= None < 0.27.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
opensc edge-community 0.26.1-r0 Timo Teräs <timo.teras@iki.fi> possibly vulnerable
opensc edge-community 0.26.0-r0 Timo Teräs <timo.teras@iki.fi> possibly vulnerable
opensc edge-community 0.25.1-r0 Timo Teräs <timo.teras@iki.fi> possibly vulnerable
opensc edge-community 0.24.0-r0 Timo Teräs <timo.teras@iki.fi> possibly vulnerable
opensc edge-community 0.21.0-r0 Timo Teräs <timo.teras@iki.fi> possibly vulnerable
opensc edge-community 0.20.0-r0 None possibly vulnerable
opensc edge-community 0.19.0-r0 None possibly vulnerable
opensc 3.23-community 0.26.1-r0 Timo Teräs <timo.teras@iki.fi> possibly vulnerable