Jakub Jelen

9 exploits Active since Dec 2019
CVE-2026-3731 WRITEUP MEDIUM WRITEUP
libssh <=0.11.3 - Memory Corruption
A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftp_extensions_get_name/sftp_extensions_get_data of the file src/sftp.c of the component SFTP Extension Name Handler. Executing a manipulation of the argument idx can lead to out-of-bounds read. The attack may be performed from remote. Upgrading to version 0.11.4 and 0.12.0 is sufficient to resolve this issue. This patch is called 855a0853ad3abd4a6cd85ce06fce6d8d4c7a0b60. You should upgrade the affected component.
CVSS 5.3
CVE-2019-19480 WRITEUP MEDIUM WRITEUP
OpenSC <0.20.0-rc3 - Memory Corruption
An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/pkcs15-prkey.c has an incorrect free operation in sc_pkcs15_decode_prkdf_entry.
CVSS 4.6
CVE-2019-19481 WRITEUP MEDIUM WRITEUP
OpenSC <0.20.0-rc3 - Buffer Overflow
An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-cac1.c mishandles buffer limits for CAC certificates.
CVSS 4.6
CVE-2019-20792 WRITEUP MEDIUM WRITEUP
Opensc < 0.20.0 - Double Free
OpenSC before 0.20.0 has a double free in coolkey_free_private_data because coolkey_add_object in libopensc/card-coolkey.c lacks a uniqueness check.
CVSS 6.8
CVE-2021-42778 WRITEUP MEDIUM WRITEUP
Opensc < 0.22.0 - Double Free
A heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo.
CVSS 5.3
CVE-2021-42779 WRITEUP MEDIUM WRITEUP
Opensc < 0.22.0 - Use After Free
A heap use after free issue was found in Opensc before version 0.22.0 in sc_file_valid.
CVSS 5.3
CVE-2021-42780 WRITEUP MEDIUM WRITEUP
Opensc <0.22.0 - Use After Free
A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library.
CVSS 5.3
CVE-2021-42782 WRITEUP MEDIUM WRITEUP
Opensc < 0.22.0 - Out-of-Bounds Write
Stack buffer overflow issues were found in Opensc before version 0.22.0 in various places that could potentially crash programs using the library.
CVSS 5.3
CVE-2024-1454 WRITEUP LOW WRITEUP
Opensc < 0.25.0 - Use After Free
The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or smart card to present the system with specially crafted responses to the APDUs, which are considered high complexity and low severity. This manipulation can allow for compromised card management operations during enrolment.
CVSS 3.4