Nixpkgs Security Tracker

Login with GitHub

Suggestions search

All statuses
Filter by:
With package: openscap

Found 12 matching suggestions

View:
Compact
Detailed
Untriaged
Permalink CVE-2024-8443
3.4 LOW
  • CVSS version: 3.1
  • Attack vector (AV): PHYSICAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 6 months ago
Libopensc: heap buffer overflow in openpgp driver when generating key

A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the `pkcs15-init` tool may lead to out-of-bound rights, possibly resulting in arbitrary code execution.

References

Affected products

opensc
  • <0.26.0

Matching in nixpkgs

pkgs.opensc

Set of libraries and utilities to access smart cards

  • nixos-unstable -

pkgs.openscad

3D parametric model compiler

pkgs.openscap

NIST Certified SCAP 1.2 toolkit

  • nixos-unstable -

pkgs.openscad-lsp

LSP (Language Server Protocol) server for OpenSCAD

  • nixos-unstable -

Package maintainers

Untriaged
Permalink CVE-2024-45620
3.9 LOW
  • CVSS version: 3.1
  • Attack vector (AV): PHYSICAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 6 months ago
Libopensc: incorrect handling of the length of buffers or files in pkcs15init

A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.

References

Affected products

opensc
libopensc

Matching in nixpkgs

pkgs.opensc

Set of libraries and utilities to access smart cards

  • nixos-unstable -

pkgs.openscad

3D parametric model compiler

pkgs.openscap

NIST Certified SCAP 1.2 toolkit

  • nixos-unstable -

pkgs.openscad-lsp

LSP (Language Server Protocol) server for OpenSCAD

  • nixos-unstable -

Package maintainers

Untriaged
Permalink CVE-2024-45617
3.9 LOW
  • CVSS version: 3.1
  • Attack vector (AV): PHYSICAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 6 months ago
Libopensc: uninitialized values after incorrect or missing checking return values of functions in libopensc

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.

References

Affected products

opensc
libopensc
  • <0.26.0

Matching in nixpkgs

pkgs.opensc

Set of libraries and utilities to access smart cards

  • nixos-unstable -

pkgs.openscad

3D parametric model compiler

pkgs.openscap

NIST Certified SCAP 1.2 toolkit

  • nixos-unstable -

pkgs.openscad-lsp

LSP (Language Server Protocol) server for OpenSCAD

  • nixos-unstable -

Package maintainers

Untriaged
Permalink CVE-2024-45619
3.9 LOW
  • CVSS version: 3.1
  • Attack vector (AV): PHYSICAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 6 months ago
Libopensc: incorrect handling length of buffers or files in libopensc

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.

References

Affected products

opensc
libopensc

Matching in nixpkgs

pkgs.opensc

Set of libraries and utilities to access smart cards

  • nixos-unstable -

pkgs.openscad

3D parametric model compiler

pkgs.openscap

NIST Certified SCAP 1.2 toolkit

  • nixos-unstable -

pkgs.openscad-lsp

LSP (Language Server Protocol) server for OpenSCAD

  • nixos-unstable -

Package maintainers

Untriaged
Permalink CVE-2024-45618
3.9 LOW
  • CVSS version: 3.1
  • Attack vector (AV): PHYSICAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 6 months ago
Libopensc: uninitialized values after incorrect or missing checking return values of functions in pkcs15init

A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.

References

Affected products

opensc
libopensc

Matching in nixpkgs

pkgs.opensc

Set of libraries and utilities to access smart cards

  • nixos-unstable -

pkgs.openscad

3D parametric model compiler

pkgs.openscap

NIST Certified SCAP 1.2 toolkit

  • nixos-unstable -

pkgs.openscad-lsp

LSP (Language Server Protocol) server for OpenSCAD

  • nixos-unstable -

Package maintainers

Untriaged
Permalink CVE-2024-45616
3.9 LOW
  • CVSS version: 3.1
  • Attack vector (AV): PHYSICAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 6 months ago
Libopensc: uninitialized values after incorrect check or usage of apdu response values in libopensc

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.

References

Affected products

opensc
libopensc
  • <0.26.0

Matching in nixpkgs

pkgs.opensc

Set of libraries and utilities to access smart cards

  • nixos-unstable -

pkgs.openscad

3D parametric model compiler

pkgs.openscap

NIST Certified SCAP 1.2 toolkit

  • nixos-unstable -

pkgs.openscad-lsp

LSP (Language Server Protocol) server for OpenSCAD

  • nixos-unstable -

Package maintainers

Untriaged
Permalink CVE-2024-45615
3.9 LOW
  • CVSS version: 3.1
  • Attack vector (AV): PHYSICAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 6 months ago
Libopensc: pkcs15init: usage of uninitialized values in libopensc and pkcs15init

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.

References

Affected products

opensc
libopensc
  • <0.26.0

Matching in nixpkgs

pkgs.opensc

Set of libraries and utilities to access smart cards

  • nixos-unstable -

pkgs.openscad

3D parametric model compiler

pkgs.openscap

NIST Certified SCAP 1.2 toolkit

  • nixos-unstable -

pkgs.openscad-lsp

LSP (Language Server Protocol) server for OpenSCAD

  • nixos-unstable -

Package maintainers

Untriaged
Permalink CVE-2024-1454
3.4 LOW
  • CVSS version: 3.1
  • Attack vector (AV): PHYSICAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 6 months ago
Opensc: memory use after free in authentic driver when updating token info

The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or smart card to present the system with specially crafted responses to the APDUs, which are considered high complexity and low severity. This manipulation can allow for compromised card management operations during enrolment.

References

Affected products

opensc
  • ==0.25.0

Matching in nixpkgs

pkgs.opensc

Set of libraries and utilities to access smart cards

  • nixos-unstable -

pkgs.openscad

3D parametric model compiler

pkgs.openscap

NIST Certified SCAP 1.2 toolkit

  • nixos-unstable -

pkgs.openscad-lsp

LSP (Language Server Protocol) server for OpenSCAD

  • nixos-unstable -

Package maintainers

Untriaged
Permalink CVE-2023-5992
5.6 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 6 months ago
Opensc: side-channel leaks while stripping encryption pkcs#1 padding

A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data.

References

Affected products

OpenSC
  • ==0.24.0
opensc
  • *

Matching in nixpkgs

pkgs.opensc

Set of libraries and utilities to access smart cards

  • nixos-unstable -

pkgs.openscad

3D parametric model compiler

pkgs.openscap

NIST Certified SCAP 1.2 toolkit

  • nixos-unstable -

pkgs.openscad-lsp

LSP (Language Server Protocol) server for OpenSCAD

  • nixos-unstable -

Package maintainers

Untriaged
Permalink CVE-2023-4535
4.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): PHYSICAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 6 months ago
Opensc: out-of-bounds read in myeid driver handling encryption using symmetric keys

An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows the attacker to manipulate APDU responses and potentially gain unauthorized access to sensitive data, compromising the system's security.

References

Affected products

OpenSC
  • ==0.24.0-rc1
opensc
  • *

Matching in nixpkgs

pkgs.opensc

Set of libraries and utilities to access smart cards

  • nixos-unstable -

pkgs.openscad

3D parametric model compiler

pkgs.openscap

NIST Certified SCAP 1.2 toolkit

  • nixos-unstable -

pkgs.openscad-lsp

LSP (Language Server Protocol) server for OpenSCAD

  • nixos-unstable -

Package maintainers