Browse all 8 CVE security advisories affecting OpenSC. AI-powered Chinese analysis, POCs, and references for each vulnerability.
OpenSC is an open-source smart card framework primarily used for managing digital certificates and smart card operations across various platforms. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, as evidenced by its eight recorded CVEs. The software's security posture has been challenged by memory corruption bugs in its PKCS#11 implementation and input validation weaknesses in its web-based components. While no major public security incidents have been widely documented, the consistent discovery of vulnerabilities in its cryptographic handling and parsing functions highlights the need for rigorous input sanitization and secure coding practices in its development lifecycle.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-24032 | PAM-PKCS#11 vulnerable to authentication bypass with default value for `cert_policy` (`none`) — pam_pkcs11 (CWE-287) | 8.1 | - | 2025-02-10 |
| CVE-2025-24031 | PAM-PKCS#11 vulnerable to segmentation fault on ctrl-c/ctrl-d when asked for PIN — pam_pkcs11 (CWE-476) | 7.5 | - | 2025-02-10 |

This page lists every published CVE security advisory associated with OpenSC. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.