CVE-2026-10275
MEDIUM
OpenSC pkcs11-tool Key Generation pkcs11-tool.c test_kpgen_certwrite buffer overflow
Title source: cna
Description
A flaw has been found in OpenSC up to 0.26.1. It affects the function test_kpgen_certwrite in the file src/tools/pkcs11-tool.c of the component pkcs11-tool Key Generation Module. Manipulation causes a buffer overflow. The attack can be carried out remotely. The complexity of an attack is rather high, and exploitability is indicated to be difficult. The exploit has been published and may be used. Patch name: 814f745b3b6d100295f65f1935edd33d520d33ab. Applying the patch is recommended to fix this issue.
References (9)
Core References
Vdb Entry, Technical Description
VDB-367568 | OpenSC pkcs11-tool Key Generation pkcs11-tool.c test_kpgen_certwrite buffer overflow
https://vuldb.com/vuln/367568
Signature, Permissions Required
VDB-367568 | CTI Indicators (IOB, IOC, IOA)
https://vuldb.com/vuln/367568/cti
Third Party Advisory
CVE-2026-10275 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-10275
Third Party Advisory
Submit #825403 | OpenSC OpenSC 0.26.1 and earlier Buffer Overflow
https://vuldb.com/submit/825403
Issue Tracking
https://github.com/OpenSC/OpenSC/issues/3682
Patch (issue-tracking, patch)
https://github.com/OpenSC/OpenSC/pull/3684
Exploit
https://pan.baidu.com/s/1nrZPKDz2eAcCpsaFiIRlrg
Product
https://github.com/OpenSC/OpenSC/
Scores
CVSS v3: 5.0
EPSS: 0.0030
EPSS Percentile: 21.4%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
Details
CWE: CWE-119, CWE-120
Status: published
Products (2)
None/OpenSC 0.26.0
None/OpenSC 0.26.1
Published: Jun 01, 2026
Tracked Since: Jun 01, 2026