#VU124851 Buffer Over-read in OpenSC - CVE-2025-66038

 


Published: April 2, 2026


Vulnerability identifier: #VU124851
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-66038
CWE-ID: CWE-126
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software:
OpenSC
Software vendor:
OpenSC

Description

The vulnerability allows an attacker with physical access to disclose sensitive information, modify memory, or cause a denial of service.

The vulnerability exists because sc_compacttlv_find_tag can return an out-of-bounds pointer when parsing crafted compact-TLV data from untrusted cards or files. An attacker with physical access can supply a specially crafted compact-TLV buffer to disclose sensitive information, modify memory, or cause a denial of service.

The issue occurs because the function can return a pointer past the end of the buffer together with an unchecked length value, which may lead to downstream memory corruption when subsequent code dereferences the returned pointer.
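
The bounds check this bug class calls for, shown as an added example that is not OpenSC's code or its patch: a compact-TLV lookup that validates each declared length against the bytes remaining before it returns a pointer. The function name `ctlv_find` and the sample buffers are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical helper (not OpenSC's API): find the first compact-TLV entry
 * whose tag nibble equals `tag` (0x0-0xF). Each entry is one header byte
 * (high nibble = tag, low nibble = value length) followed by the value.
 * Returns a pointer to the value and stores its length in *out_len, or
 * returns NULL if the tag is absent or an entry overruns the buffer. */
const uint8_t *ctlv_find(const uint8_t *buf, size_t len, uint8_t tag,
                         size_t *out_len)
{
    size_t idx = 0;

    if (buf == NULL || out_len == NULL || tag > 0x0F)
        return NULL;

    while (idx < len) {
        uint8_t entry_tag = buf[idx] >> 4;
        size_t  entry_len = buf[idx] & 0x0F;
        size_t  remaining = len - idx - 1;   /* bytes after the header */

        /* The declared length must fit in what is left before any
         * pointer or length value leaves this function. */
        if (entry_len > remaining)
            return NULL;                     /* truncated or crafted input */

        if (entry_tag == tag) {
            *out_len = entry_len;
            return buf + idx + 1;
        }
        idx += 1 + entry_len;                /* skip header and value */
    }
    return NULL;
}

/* Constructed sample: tag 3 (1 byte), then tag 5 (2 bytes). */
static const uint8_t sample_ok[]  = { 0x31, 0xAA, 0x52, 0x01, 0x02 };
/* Constructed sample: last header claims 15 value bytes, only 1 follows. */
static const uint8_t sample_bad[] = { 0x31, 0xAA, 0x5F, 0x01 };
```

Because the length is checked before the tag comparison, a caller never receives a pointer and length pair that extends past `buf + len`, even for an entry it was not searching for.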


Remediation

Install the security update from the vendor's website.
