CVE-2026-10275

Published: Giu 01, 2026 Last Modified: Giu 01, 2026

ExploitDB:

Other exploit source:

Google Dorks:

LOW 1,3

Source: [email protected]

Attack Vector: network

Attack Complexity: high

Privileges Required: none

User Interaction: passive

Confidentiality: N/A

Integrity: N/A

Availability: N/A

MEDIUM 5,0

Source: [email protected]

Attack Vector: network

Attack Complexity: high

Privileges Required: none

User Interaction: required

Scope: unchanged

Confidentiality: low

Integrity: low

Availability: low

MEDIUM 5,1

Source: [email protected]

Access Vector: network

Access Complexity: high

Authentication: none

Confidentiality: partial

Integrity: partial

Availability: partial

Description

AI Translation Available

A flaw has been found in OpenSC up to 0.26.1. This affects the function test_kpgen_certwrite of the file src/tools/pkcs11-tool.c of the component pkcs11-tool Key Generation Module. This manipulation causes buffer overflow. The attack is possible to be carried out remotely. The complexity of an attack is rather high. It is indicated that the exploitability is difficult. The exploit has been published and may be used. Patch name: 814f745b3b6d100295f65f1935edd33d520d33ab. It is recommended to apply a patch to fix this issue.

119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Stable

Abstraction: Class Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Confidentiality Availability

Potential Impacts:

Execute Unauthorized Code Or Commands Modify Memory Read Memory Dos: Crash, Exit, Or Restart Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory)