Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

Untriaged
Filter by:
With package: openscenegraph

Found 8 matching suggestions

View:
Compact
Detailed
Permalink CVE-2025-49010
3.8 LOW
  • CVSS version: 3.1
  • Attack vector (AV): PHYSICAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 2 weeks, 1 day ago
OpenSC: Stack-buffer-overflow WRITE in GET RESPONSE

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow write in GET RESPONSE. The attack requires crafted USB device or smart card that would present the system with specially crafted responses to the APDUs. This issue has been patched in version 0.27.0.

Affected products

OpenSC
  • ==< 0.27.0

Matching in nixpkgs

pkgs.opensc

Set of libraries and utilities to access smart cards

pkgs.openscreen

Free, open-source alternative to Screen Studio (sort of)

pkgs.openscad-lsp

LSP (Language Server Protocol) server for OpenSCAD

Package maintainers

Permalink CVE-2024-1454
3.4 LOW
  • CVSS version: 3.1
  • Attack vector (AV): PHYSICAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 1 year, 2 months ago
Opensc: memory use after free in authentic driver when updating token info

The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or smart card to present the system with specially crafted responses to the APDUs, which are considered high complexity and low severity. This manipulation can allow for compromised card management operations during enrolment.

References

Affected products

opensc
  • ==0.25.0

Matching in nixpkgs

pkgs.opensc

Set of libraries and utilities to access smart cards

pkgs.openscad-lsp

LSP (Language Server Protocol) server for OpenSCAD

Package maintainers

Permalink CVE-2024-45617
3.9 LOW
  • CVSS version: 3.1
  • Attack vector (AV): PHYSICAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 year, 3 months ago
Libopensc: uninitialized values after incorrect or missing checking return values of functions in libopensc

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized.

References

Affected products

opensc
libopensc
  • <0.26.0

Matching in nixpkgs

pkgs.opensc

Set of libraries and utilities to access smart cards

pkgs.openscad-lsp

LSP (Language Server Protocol) server for OpenSCAD

Package maintainers

Permalink CVE-2024-45616
3.9 LOW
  • CVSS version: 3.1
  • Attack vector (AV): PHYSICAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 year, 3 months ago
Libopensc: uninitialized values after incorrect check or usage of apdu response values in libopensc

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. The following problems were caused by insufficient control of the response APDU buffer and its length when communicating with the card.

References

Affected products

opensc
libopensc
  • <0.26.0

Matching in nixpkgs

pkgs.opensc

Set of libraries and utilities to access smart cards

pkgs.openscad-lsp

LSP (Language Server Protocol) server for OpenSCAD

Package maintainers

Permalink CVE-2024-45615
3.9 LOW
  • CVSS version: 3.1
  • Attack vector (AV): PHYSICAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 year, 3 months ago
Libopensc: pkcs15init: usage of uninitialized values in libopensc and pkcs15init

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. The problem is missing initialization of variables expected to be initialized (as arguments to other functions, etc.).

References

Affected products

opensc
libopensc
  • <0.26.0

Matching in nixpkgs

pkgs.opensc

Set of libraries and utilities to access smart cards

pkgs.openscad-lsp

LSP (Language Server Protocol) server for OpenSCAD

Package maintainers

Permalink CVE-2024-45620
3.9 LOW
  • CVSS version: 3.1
  • Attack vector (AV): PHYSICAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 year, 3 months ago
Libopensc: incorrect handling of the length of buffers or files in pkcs15init

A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.

References

Affected products

opensc
libopensc

Matching in nixpkgs

pkgs.opensc

Set of libraries and utilities to access smart cards

pkgs.openscad-lsp

LSP (Language Server Protocol) server for OpenSCAD

Package maintainers

Permalink CVE-2024-45619
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): PHYSICAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 year, 3 months ago
Libopensc: incorrect handling length of buffers or files in libopensc

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.

References

Affected products

opensc
libopensc

Matching in nixpkgs

pkgs.opensc

Set of libraries and utilities to access smart cards

pkgs.openscad-lsp

LSP (Language Server Protocol) server for OpenSCAD

Package maintainers

Permalink CVE-2024-45618
3.9 LOW
  • CVSS version: 3.1
  • Attack vector (AV): PHYSICAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 year, 3 months ago
Libopensc: uninitialized values after incorrect or missing checking return values of functions in pkcs15init

A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized.

References

Affected products

opensc
libopensc

Matching in nixpkgs

pkgs.opensc

Set of libraries and utilities to access smart cards

pkgs.openscad-lsp

LSP (Language Server Protocol) server for OpenSCAD

Package maintainers