CVE-2026-40528

LOW EPSS 4.3%
Published May 29, 2026 (1mo ago) · Modified Jun 17, 2026 (1w ago)
1.0 CVSS 4.0
Low

Description

OpenSC before 0.27.0, fixed in commit 0358817, contains a stack and heap buffer overrun vulnerability in the do_key_value() function in src/pkcs15init/profile.c that allows attackers to corrupt memory by supplying a crafted profile configuration file. During pkcs15-init invocation, a key value entry beginning with '=' followed by more than sizeof(keybuf) characters is copied into keybuf via memcpy without a length check, causing both stack and heap buffer overruns.

CVSS Details

Base Score: 1.0
Vector string: CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Physical
Attack Complexity: High
Privileges Required: None
User Interaction: P
Scope: X

Threat Intelligence

EPSS Exploit Probability
4.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 2

CWE-121
CWE-122

Affected Products 1

Vendor          Product  Version  Range
opensc_project  opensc   *        <0.27.0

References 2

  • github.com https://github.com/OpenSC/OpenSC/commit/0358817ec74aeca654f83e7709c7720b14c5db59
    Patch
  • vulncheck.com https://www.vulncheck.com/advisories/opensc-buffer-overrun-in-do-key-value-via-profile-c
    Third Party Advisory

Remediation

  • github.com https://github.com/OpenSC/OpenSC/commit/0358817ec74aeca654f83e7709c7720b14c5db59
    Patch