Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-40528
PUBLISHED
More InfoOfficial Page
Assigner-VulnCheck
Assigner Org ID-83251b91-4cc7-4094-a5c7-464a1b83ea10
View Known Exploited Vulnerability (KEV) details
Published At-29 May, 2026 | 13:38
Updated At-29 May, 2026 | 13:58
Rejected At-
▼CVE Numbering Authority (CNA)
OpenSC < 0.27.0 Buffer Overrun in do_key_value() via profile.c

OpenSC before 0.27.0, fixed in commit 0358817, contains a stack and heap buffer overrun vulnerability in the do_key_value() function in src/pkcs15init/profile.c that allows attackers to corrupt memory by supplying a crafted profile configuration file. During pkcs15-init invocation, a key value entry beginning with '=' followed by more than sizeof(keybuf) characters is copied into keybuf via memcpy without a length check, causing both stack and heap buffer overruns.

Affected Products
Vendor
OpenSC
Product
OpenSC
Repo
https://github.com/OpenSC/OpenSC
Default Status
affected
Versions
Affected
  • From 0 before 0.27.0 (semver)
  • From 0 before 0358817ec74aeca654f83e7709c7720b14c5db59 (git)
Problem Types
TypeCWE IDDescription
CWECWE-121Stack-based Buffer Overflow
CWECWE-122Heap-based Buffer Overflow
Type: CWE
CWE ID: CWE-121
Description: Stack-based Buffer Overflow
Type: CWE
CWE ID: CWE-122
Description: Heap-based Buffer Overflow
Metrics
VersionBase scoreBase severityVector
4.01.0LOW
CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
3.13.8LOW
CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
Version: 4.0
Base score: 1.0
Base severity: LOW
Vector:
CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Version: 3.1
Base score: 3.8
Base severity: LOW
Vector:
CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Nicholas Carlini of Anthropic
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/OpenSC/OpenSC/commit/0358817ec74aeca654f83e7709c7720b14c5db59
patch
https://www.vulncheck.com/advisories/opensc-buffer-overrun-in-do-key-value-via-profile-c
third-party-advisory
Hyperlink: https://github.com/OpenSC/OpenSC/commit/0358817ec74aeca654f83e7709c7720b14c5db59
Resource:
patch
Hyperlink: https://www.vulncheck.com/advisories/opensc-buffer-overrun-in-do-key-value-via-profile-c
Resource:
third-party-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found