CVE-2025-66037

Published: Mar 30, 2026 Last Modified: Mar 30, 2026

ExploitDB:

Other exploit source:

Google Dorks:

LOW 3,9

Source: [email protected]

Attack Vector: physical

Attack Complexity: high

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: low

Integrity: low

Availability: low

Description

AI Translation Available

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, feeding a crafted input to the fuzz_pkcs15_reader harness causes OpenSC to perform an out-of-bounds heap read in the X.509/SPKI handling path. Specifically, sc_pkcs15_pubkey_from_spki_fields() allocates a zero-length buffer and then reads one byte past the end of that allocation. This issue has been patched in version 0.27.0.

125

Out-of-bounds Read

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Availability Other

Potential Impacts:

Read Memory Bypass Protection Mechanism Dos: Crash, Exit, Or Restart Varies By Context

Applicable Platforms

Languages: C, C++, Memory-Unsafe

Technologies: ICS/OT

View CWE Details

https://github.com/OpenSC/OpenSC/security/advisories/GHSA-m…

https://github.com/OpenSC/OpenSC/security/advisories/GHSA-m58q-rmjm-mmfx

https://github.com/OpenSC/OpenSC/wiki/CVE-2025-66037

CVE-2025-66037

Description

Out-of-bounds Read

Common Consequences

Applicable Platforms

Iscriviti alla newsletter