Nixpkgs security tracker

Untriaged

Permalink CVE-2025-66038

3.9 LOW

CVSS version: 3.1
Attack vector (AV): PHYSICAL
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): LOW

created 2 weeks, 5 days ago

OpenSC: `sc_compacttlv_find_tag` can return out-of-bounds pointers

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, sc_compacttlv_find_tag searches a compact-TLV buffer for a given tag. In compact-TLV, a single byte encodes the tag (high nibble) and value length (low nibble). With a 1-byte buffer {0x0A}, the encoded element claims tag=0 and length=10 but no value bytes follow. Calling sc_compacttlv_find_tag with search tag 0x00 returns a pointer equal to buf+1 and outlen=10 without verifying that the claimed value length fits within the remaining buffer. In cases where the sc_compacttlv_find_tag is provided untrusted data (such as being read from cards/files), attackers may be able to influence it to return out-of-bounds pointers leading to downstream memory corruption when subsequent code tries to dereference the pointer. This issue has been patched in version 0.27.0.

References

https://github.com/OpenSC/OpenSC/security/advisories/GHSA-72x5-fwjx-2459 x_refsource_CONFIRM
https://github.com/OpenSC/OpenSC/commit/6db171bcb6fd7cb3b51098fefbb3b28e44f0a79c x_refsource_MISC
https://github.com/OpenSC/OpenSC/wiki/CVE-2025-66038 x_refsource_MISC

Affected products

OpenSC

==< 0.27.0

Matching in nixpkgs

pkgs.opensc

Set of libraries and utilities to access smart cards

nixos-unstable 0.26.1
- nixpkgs-unstable 0.26.1
- nixos-unstable-small 0.26.1
nixos-25.11 0.26.1
- nixos-25.11-small 0.26.1
- nixpkgs-25.11-darwin 0.26.1

pkgs.openscad

3D parametric model compiler

nixos-unstable 2021.01
- nixpkgs-unstable 2021.01
- nixos-unstable-small 2021.01
nixos-25.11 2021.01
- nixos-25.11-small 2021.01
- nixpkgs-25.11-darwin 2021.01

pkgs.openscap

NIST Certified SCAP 1.2 toolkit

nixos-unstable 1.4.2
- nixpkgs-unstable 1.4.2
- nixos-unstable-small 1.4.2
nixos-25.11 1.4.2
- nixos-25.11-small 1.4.2
- nixpkgs-25.11-darwin 1.4.2

pkgs.openscreen

Free, open-source alternative to Screen Studio (sort of)

nixos-unstable 1.2.0
- nixpkgs-unstable 1.2.0
- nixos-unstable-small 1.2.0

pkgs.openscad-lsp

LSP (Language Server Protocol) server for OpenSCAD

nixos-unstable 2.0.1
- nixpkgs-unstable 2.0.1
- nixos-unstable-small 2.0.1
nixos-25.11 2.0.1
- nixos-25.11-small 2.0.1
- nixpkgs-25.11-darwin 2.0.1

pkgs.openscenegraph

3D graphics toolkit

nixos-unstable 3.6.5
- nixpkgs-unstable 3.6.5
- nixos-unstable-small 3.6.5
nixos-25.11 3.6.5
- nixos-25.11-small 3.6.5
- nixpkgs-25.11-darwin 3.6.5

pkgs.openscad-unstable

3D parametric model compiler (unstable)

nixos-unstable 2021.01-unstable-2026-02-25
- nixpkgs-unstable 2021.01-unstable-2026-02-25
- nixos-unstable-small 2021.01-unstable-2026-02-25
nixos-25.11 2021.01-unstable-2025-10-27
- nixos-25.11-small 2021.01-unstable-2025-10-27
- nixpkgs-25.11-darwin 2021.01-unstable-2025-10-27

pkgs.kakounePlugins.openscad-kak

None

nixos-unstable 2020-12-10
- nixpkgs-unstable 2020-12-10
- nixos-unstable-small 2020-12-10
nixos-25.11 2020-12-10
- nixos-25.11-small 2020-12-10
- nixpkgs-25.11-darwin 2020-12-10