OpenSC < 0.27.0 Buffer Overrun in do_key_value() via profile.c

Advisories

severity: low
date: 5/29/2026
Affecting: OpenSC < 0.27.0
OpenSC < 0358817
CVE: CVE-2026-40528
CWE: CWE-121 Stack-based Buffer Overflow
CWE-122 Heap-based Buffer Overflow
CVSS: 1
CVSS V4 Vector: CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
References: Patch Commit
Credit: Nicholas Carlini of Anthropic
Description: OpenSC before 0.27.0, fixed in commit 0358817, contains a stack and heap buffer overrun vulnerability in the do_key_value() function in src/pkcs15init/profile.c that allows attackers to corrupt memory by supplying a crafted profile configuration file. During pkcs15-init invocation, a key value entry beginning with '=' followed by more than sizeof(keybuf) characters is copied into keybuf via memcpy without a length check, causing both stack and heap buffer overruns.

Ready to get Started?

Explore VulnCheck, a next-generation Cyber Threat Intelligence platform, which provides exploit and vulnerability intelligence to help you prioritize and remediate vulnerabilities that matter.

Vulnerability Prioritization
Prioritize vulnerabilities that matter based on the threat landscape and defer vulnerabilities that don't.
Early Warning System
Real-time alerting of changes in the vulnerability landscape so that you can take action before the attacks start.

Schedule a Demo