CVE-2026-40528NVD

Vulnerability Summary

OpenSC before 0.27.0, fixed in commit 0358817, contains a stack and heap buffer overrun vulnerability in the do_key_value() function in src/pkcs15init/profile.c that allows attackers to corrupt memory by supplying a crafted profile configuration file. During pkcs15-init invocation, a key value entry beginning with '=' followed by more than sizeof(keybuf) characters is copied into keybuf via memcpy without a length check, causing both stack and heap buffer overruns.

Severity Level

LOW(3.8)

Published Date

May 29, 2026

Last Modified

May 29, 2026

Exploitation Status

UNKNOWN

CVSS v3.1 Base Metrics

Attack VectorPhysical

Attack ComplexityHigh

Privileges RequiredNone

User InteractionRequired

ScopeUnchanged

ConfidentialityLow

IntegrityLow

AvailabilityLow

External References

https://github.com/OpenSC/OpenSC/commit/0358817ec74aeca654f83e7709c7720b14c5db59
https://www.vulncheck.com/advisories/opensc-buffer-overrun-in-do-key-value-via-profile-c