Severity by source
AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
Primary rating from Vendor (redhat).
CVSS VectorVendor: redhat
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
Lifecycle Timeline
6DescriptionCVE.org
Multiple uses of uninitialized variables were found in libopensc that may lead to information disclosure or application crash. An attack requires a crafted USB device or smart card that would present the system with specially crafted responses to the APDUs
AnalysisAI
Uninitialized variable usage in OpenSC's libopensc library enables information disclosure and denial of service when processing specially crafted responses from malicious USB devices or smart cards. Attackers must physically present a crafted USB or smart card device to trigger the vulnerability, which reads uninitialized memory from the stack or heap, potentially exposing sensitive data or causing application crashes. No public exploit code has been identified at time of analysis.
Technical ContextAI
OpenSC is a middleware library that provides access to smart cards and hardware security tokens via standard interfaces. The vulnerability resides in libopensc, which handles Application Protocol Data Unit (APDU) communication with smart card readers and USB-based security devices. The flaw involves multiple instances of uninitialized variables-memory regions that are declared but not explicitly set before use. When processing specially crafted APDU responses from a malicious device, these uninitialized variables retain whatever data was previously stored in memory, leading to information leaks or undefined behavior. The CVSS vector indicates physical attack vector (AV:P), meaning an attacker must have direct access to the system's USB ports or card reader interface.
RemediationAI
Apply the patched version of OpenSC released by the OpenSC project (version and release date available in GHSA-2v44-fq35-98vv advisory at https://github.com/OpenSC/OpenSC/security/advisories/GHSA-2v44-fq35-98vv). For Red Hat Enterprise Linux systems, apply security updates via the Red Hat Security Advisory corresponding to CVE-2025-13763 (reference: https://access.redhat.com/security/cve/CVE-2025-13763). No workarounds exist to disable the affected code path without losing smart card functionality. Interim risk reduction measures include physically restricting USB and card reader access to trusted administrators, disabling unused smart card reader hardware in BIOS/UEFI if the system does not require physical token authentication, and isolating systems running OpenSC in high-security environments from untrusted physical access. Each mitigation trades off functionality or convenience against risk, so organizations should prioritize patching rather than relying on compensating controls.
sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from eidenv. Rated
Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15
Several buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c in OpenSC
Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c in O
A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenS
A double free when handling responses in read_file in tools/egk-tool.c (aka the eGK card tool) in OpenSC before 0.19.0-r
A double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0
A single byte buffer overflow when handling responses from an esteid Card in sc_pkcs15emu_esteid_init in libopensc/pkcs1
Several buffer overflows when handling responses from a CAC Card in cac_get_serial_nr_from_CUID in libopensc/card-cac.c
Several buffer overflows when handling responses from an ePass 2003 Card in decrypt_response in libopensc/card-epass2003
Several buffer overflows when handling responses from a Cryptoflex card in read_public_key in tools/cryptoflex-tool.c in
A buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC before 0.19.0-rc1 coul
Same weakness CWE-457 – Use of Uninitialized Variable
View allSame technique Information Disclosure
View allVendor StatusVendor
SUSE
Severity: Medium| Product | Status |
|---|---|
| openSUSE Tumbleweed | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-209564