CVE-2026-40510

Published: Mag 29, 2026 Last Modified: Mag 29, 2026

ExploitDB:

Other exploit source:

Google Dorks:

LOW 1,0

Source: [email protected]

Attack Vector: physical

Attack Complexity: high

Privileges Required: none

User Interaction: passive

Confidentiality: N/A

Integrity: N/A

Availability: N/A

LOW 3,8

Source: [email protected]

Attack Vector: physical

Attack Complexity: high

Privileges Required: none

User Interaction: required

Scope: unchanged

Confidentiality: low

Integrity: low

Availability: low

Description

AI Translation Available

OpenSC before 0.27.0-rc1, fixed in commit 3f24f0b, contains a stack buffer overflow vulnerability in piv_process_history() in src/libopensc/card-piv.c that allows physically present attackers to trigger memory corruption by presenting a crafted PIV smart card or USB device returning a URL field longer than 118 bytes in the Key History Object ASN.1 response.

121

Stack-based Buffer Overflow

Draft

Abstraction: Variant Structure: Simple

Common Consequences

Security Scopes Affected:

Availability Integrity Confidentiality Access Control Other

Potential Impacts:

Modify Memory Dos: Crash, Exit, Or Restart Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory) Execute Unauthorized Code Or Commands Bypass Protection Mechanism Other

Applicable Platforms

Languages: Memory-Unsafe, C, C++

Likelihood of Exploit: High

View CWE Details

https://github.com/OpenSC/OpenSC/commit/3f24f0b48a481a8cf2e…

https://github.com/OpenSC/OpenSC/commit/3f24f0b48a481a8cf2e46059d8238a283ddc1c13

https://github.com/OpenSC/OpenSC/pull/3558

https://www.vulncheck.com/advisories/opensc-stack-buffer-ov…

https://www.vulncheck.com/advisories/opensc-stack-buffer-overflow-via-piv-proce…

CVE-2026-40510

Description

Stack-based Buffer Overflow

Common Consequences

Applicable Platforms

Iscriviti alla newsletter