Date: Wed, 13 Dec 2023 15:11:35 +0100
From: Jakub Jelen <>
Subject: CVE-2023-40661: Dynamic analyzers reports in pkcs15-init in OpenSC
 before 0.24.0

This advisory summarizes security-relevant issues reported by automated
analyzers since the release of OpenSC 0.23.0 that affect the handling of
the card enrollment process using pkcs15-init.

All of these require physical access to the computer at the time a user
or administrator is enrolling cards (generating keys, loading
certificates, or performing other card/token management operations). The
attack requires a crafted USB device or smart card that presents the
system with specially crafted responses to the APDUs, so these issues are
considered high-complexity and low-severity. They are not exploitable
just by using a PKCS#11 module, as is done in most end-user deployments.
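The defect class behind most entries below is a host-side parser that trusts a length field supplied by the card and copies that many bytes into a fixed-size buffer. The following is an added illustration of that pattern and its hardened counterpart; it is constructed for this note and is not OpenSC code, and the response layout (one length byte, value bytes, then SW1 SW2), the buffer size and the sample responses are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed illustration of the defect class in this advisory; it is not
 * OpenSC code. A card response is modelled as: one length byte, that many
 * value bytes, then two status bytes (SW1 SW2). Every byte comes from the
 * card, so a hostile token controls the declared length. */

#define VALUE_MAX 16        /* capacity of the host-side value buffer */

typedef struct {
    uint8_t value[VALUE_MAX];
    size_t  value_len;
    uint8_t sw1, sw2;
} parsed_resp_t;

/* Unsafe pattern: the declared length is used as the copy size without
 * comparing it to the destination capacity. A declared length above
 * VALUE_MAX writes past out->value (stack or heap, depending on where the
 * caller allocated 'out'), and the SW bytes are read past the input. */
int parse_resp_unsafe(const uint8_t *resp, size_t resp_len, parsed_resp_t *out)
{
    if (resp_len < 3)
        return -1;
    size_t len = resp[0];
    memcpy(out->value, resp + 1, len);      /* no bounds check */
    out->value_len = len;
    out->sw1 = resp[1 + len];
    out->sw2 = resp[2 + len];
    return 0;
}

/* Hardened pattern: check the declared length against both the destination
 * capacity and the number of bytes actually received before touching them. */
int parse_resp_safe(const uint8_t *resp, size_t resp_len, parsed_resp_t *out)
{
    if (resp == NULL || out == NULL || resp_len < 3)
        return -1;                          /* too short for len + SW1 SW2 */
    size_t len = resp[0];
    if (len > VALUE_MAX)
        return -2;                          /* would overflow out->value */
    if (len + 3 != resp_len)
        return -3;                          /* declared length != received data */
    memcpy(out->value, resp + 1, len);
    out->value_len = len;
    out->sw1 = resp[1 + len];
    out->sw2 = resp[2 + len];
    return 0;
}

/* Constructed sample responses (not captured from any real card). */
static const uint8_t benign_resp[]  = { 0x04, 0xde, 0xad, 0xbe, 0xef, 0x90, 0x00 };
/* Declares 0x40 (64) value bytes while the host buffer holds 16. */
static const uint8_t crafted_resp[] = { 0x40, 0x01, 0x02, 0x03, 0x90, 0x00 };

int main(void)
{
    parsed_resp_t r;
    printf("benign:  %d\n", parse_resp_safe(benign_resp, sizeof benign_resp, &r));
    printf("crafted: %d\n", parse_resp_safe(crafted_resp, sizeof crafted_resp, &r));
    /* parse_resp_unsafe(crafted_resp, ...) would memcpy 64 bytes into a
     * 16-byte field; it is deliberately not called here. */
    return 0;
}
```

The hardened parser rejects the crafted response before any copy happens, which is the check the fuzzer-found overflows were missing; running pkcs15-init under a sanitizer build, as OSS-Fuzz does, is how the unsafe variant is caught before a crafted token ever reaches a production host.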

Security-related oss-fuzz issues

Stack buffer overflow in sc_pkcs15_get_lastupdate in pkcs15init
fixed with 245efe608d083fd4e4ec96793fdefd218e26fde7

Heap buffer overflow in setcos_create_key in pkcs15init
fixed with 4013a807492568bf9907cfb3df41f130ac83c7b9

Heap buffer overflow in cosm_new_file in pkcs15init
fixed with 41d61da8481582e12710b5858f8b635e0a71ab5e

Heap double free in sc_pkcs15_free_object_content
fixed with 638a5007a5d240d6fa901aa822cfeef94fe36e85

Stack buffer overflow in cflex_delete_file in pkcs15init
fixed with c449a181a6988cc1e8dc8764d23574e48cdc3fa6

Heap buffer overflow in sc_hsm_write_ef in pkcs15init
not in any released version, fixed with dd138d0600a1acd7991989127f36827e5836b24e

Stack buffer overflow while parsing pkcs15 profile files
fixed with 5631e9843c832a99769def85b7b9b68b4e3e3959

Stack buffer overflow in muscle driver in pkcs15init
fixed with df5a176bfdf8c52ba89c7fef1f82f6f3b9312bc1

Stack buffer overflow in cardos driver in pkcs15init
fixed with 578aed8391ef117ca64a9e0cba8e5c264368a0ec

Heap buffer overflow in epass2003 driver in pkcs15init
fixed with 609164045facaeae193feb48d9c2fc5cc4321e8a

Heap buffer overflow in iasecc driver in pkcs15init
fixed with 2a4921ab23fd0853f327517636c50de947548161

Stack buffer overflow in entersafe driver in pkcs15init
fixed with 50f0985f6343eeac4044661d56807ee9286db42c

Heap buffer overflow in oberthur driver in pkcs15init
fixed with 41d61da8481582e12710b5858f8b635e0a71ab5e

Stack buffer overflow in idprime driver in pkcs15init
fixed with fa8ad362852dbefad5b6796c32f2a33859b8a8e0

Heap buffer overflow in test_verify
fixed with ffbff25ec6c6d0ad3f8df76f57210698f7947fc3

Originally reported by the OSS-Fuzz automated service.

The full release notes for 0.24.0 are available on the announce list:

and on GitHub:

