CVE-2026-40510 PUBLISHED

OpenSC < 0.27.0-rc1 Stack Buffer Overflow via piv_process_history() in card-piv.c

Assigner: VulnCheck
Reserved: 13.04.2026 Published: 29.05.2026 Updated: 29.05.2026

OpenSC before 0.27.0-rc1, fixed in commit 3f24f0b, contains a stack buffer overflow vulnerability in piv_process_history() in src/libopensc/card-piv.c that allows physically present attackers to trigger memory corruption by presenting a crafted PIV smart card or USB device returning a URL field longer than 118 bytes in the Key History Object ASN.1 response.

CVSS Vector: CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
CVSS Score: 1

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Physical	Confidentiality	Low	Confidentiality	None
Attack Complexity	High	Integrity	Low	Integrity	None
Attack Requirements	None	Availability	Low	Availability	None
Privileges Required	None
User Interaction	Passive

CVSS 4.0

CVSS Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
CVSS Score: 3.8

Attack Vector	Physical	Scope	Unchanged
Attack Complexity	High	Confidentiality Impact	Low
Privileges Required	None	Integrity Impact	Low
User Interaction	Required	Availability Impact	Low

CVSS 3.1

Product Status

Vendor	OpenSC
Product	OpenSC
Versions	Default: affected affected from 0 to 0.27.0-rc1 (excl.) affected from 0 to 3f24f0b48a481a8cf2e46059d8238a283ddc1c13 (excl.)

CVE-2026-40510 PUBLISHED

OpenSC < 0.27.0-rc1 Stack Buffer Overflow via piv_process_history() in card-piv.c

Metrics

Product Status

Credits

References

Problem Types