
OpenSC EUVD-2026-33320

CVE-2026-40528 LOW
Stack-based Buffer Overflow (CWE-121)
2026-05-29 VulnCheck GHSA-vxjj-52h8-95w5
1.0
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
1.0 LOW
CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

Attack Vector: Physical
Attack Complexity: High
Privileges Required: None
User Interaction: P
Scope: X

Lifecycle Timeline

3 events:

  • Source Code Evidence Fetched: May 29, 2026 - 14:34 (vuln.today)
  • Analysis Generated: May 29, 2026 - 14:34 (vuln.today)
  • CVSS changed: May 29, 2026 - 14:22 (NVD), 3.8 (LOW) → 1.0 (LOW)

Description (CVE.org)

OpenSC before 0.27.0, fixed in commit 0358817, contains a stack and heap buffer overrun vulnerability in the do_key_value() function in src/pkcs15init/profile.c that allows attackers to corrupt memory by supplying a crafted profile configuration file. During pkcs15-init invocation, a key value entry beginning with '=' followed by more than sizeof(keybuf) characters is copied into keybuf via memcpy without a length check, causing both stack and heap buffer overruns.
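The length check that the description says is missing, shown as an added example; this is not OpenSC's code and not the fix from commit 0358817. The buffer size of 32 and the names `copy_literal_key`, `check_literal_of_length` and the `KV_*` codes are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define KEYBUF_SIZE 32 /* assumed; the page only refers to sizeof(keybuf) */

enum { KV_NOT_LITERAL = -1, KV_TOO_LONG = -2, KV_BAD_ARG = -3 };

/* Pattern the description reports, for contrast only (never compiled here):
 *     key_len = strlen(value + 1);
 *     memcpy(keybuf, value + 1, key_len);   -- no comparison with sizeof(keybuf)
 */

/* Hypothetical helper: copy a "=literal" key value into a fixed buffer.
 * Returns the number of bytes copied, or a negative KV_* code. Oversized
 * input is rejected rather than truncated, so a short key is never silently used. */
static int copy_literal_key(const char *value, unsigned char *out, size_t out_size)
{
    size_t len;
    if (value == NULL || out == NULL)
        return KV_BAD_ARG;
    if (value[0] != '=')
        return KV_NOT_LITERAL; /* other encodings are out of scope here */
    len = strlen(value + 1);
    if (len > out_size)
        return KV_TOO_LONG;    /* the length check missing before memcpy */
    memcpy(out, value + 1, len);
    return (int)len;
}

/* Constructed input: '=' followed by n 'A' characters, parsed into keybuf. */
static int check_literal_of_length(size_t n)
{
    char entry[2 * KEYBUF_SIZE + 2];
    unsigned char keybuf[KEYBUF_SIZE];
    if (n > 2 * KEYBUF_SIZE)
        return KV_BAD_ARG;
    entry[0] = '=';
    memset(entry + 1, 'A', n);
    entry[n + 1] = '\0';
    return copy_literal_key(entry, keybuf, sizeof(keybuf));
}

int main(void)
{
    printf("fits: %d, one byte over: %d\n",
           check_literal_of_length(KEYBUF_SIZE),
           check_literal_of_length(KEYBUF_SIZE + 1));
    return 0;
}
```

Any later copy of the parsed key into another structure needs the same bound against that destination's size.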

Analysis (AI)

Stack and heap buffer overruns in OpenSC's pkcs15-init tooling corrupt memory when processing a maliciously crafted PKCS#15 profile configuration file. Affected versions prior to 0.27.0 contain no length validation in the do_key_value() function before a memcpy into the fixed-size keybuf buffer, allowing overflow when a key value entry begins with '=' and exceeds sizeof(keybuf) bytes. …


Attack Chain (AI, Derived)

Hypothetical attack flow derived from CVE metadata

  • Access: Gain physical access to provisioning workstation
  • Delivery: Craft or replace pkcs15-init profile configuration file
  • Exploit: User invokes pkcs15-init with malicious profile
  • Execution: do_key_value() executes unchecked memcpy into keybuf
  • Persist: Stack and heap memory corrupted
  • Impact: Process crash or limited code execution

Vulnerability Assessment (AI)

Exploitation: Physical access to the target system is required (CVSS AV:P). …

Risk Assessment: The aggregate risk signal is very low despite the memory-corruption class of vulnerability. …

Exploit Scenario: An attacker with physical access to a smart card provisioning workstation replaces or supplants a legitimate pkcs15-init profile configuration file with a crafted variant containing a key value entry that begins with '=' and includes a payload exceeding sizeof(keybuf) bytes. When an operator runs pkcs15-init and the malicious profile is parsed, do_key_value() performs an unchecked memcpy into keybuf, overflowing the stack buffer and corrupting adjacent memory, potentially leading to a crash or limited code execution within the pkcs15-init process context. …

Remediation: Upgrade OpenSC to version 0.27.0 or later, which incorporates the fix from commit 0358817. …
