PT-2026-29082 · Opensc · Opensc
Published: 2025-01-01 · Updated: 2026-04-30 · CVE-2025-66038
CVSS v3.1: 6.8 (Medium)
Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
OpenSC versions prior to 0.27.0
Description
OpenSC is a set of open source smart card tools and middleware. The sc_compacttlv_find_tag function searches a compact-TLV buffer for a given tag. In compact-TLV, a single byte encodes the tag (high nibble) and the value length (low nibble). When the function is given a 1-byte buffer, the encoded element claims a tag and a length, but no value bytes follow. Calling sc_compacttlv_find_tag with a specific search tag can then return an out-of-bounds pointer and a length, because the function does not verify that the claimed value length fits within the remaining buffer. If sc_compacttlv_find_tag receives untrusted data, attackers may be able to influence it to return out-of-bounds pointers, leading to memory corruption when subsequent code attempts to dereference the pointer.
Recommendations
Versions prior to 0.27.0 should be updated to version 0.27.0 or later.
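The missing check described above, shown as an added example that is not OpenSC source code: a compact-TLV lookup that trusts the length nibble, next to one that rejects an element whose value would run past the buffer. The function names and the convention that the search tag is passed as the high nibble (for example 0x70) are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Illustrative compact-TLV lookup, not OpenSC source.
 * Each element is one header byte (high nibble = tag, low nibble = length)
 * followed by `length` value bytes. `tag` is assumed to be the high nibble. */

/* Unchecked form: trusts the length nibble, as the advisory describes. */
static const uint8_t *find_tag_unchecked(const uint8_t *buf, size_t len,
                                         uint8_t tag, size_t *out_len)
{
    size_t i = 0;
    while (i < len) {
        uint8_t t = buf[i] & 0xF0;
        size_t l = buf[i] & 0x0F;
        if (t == tag) {
            *out_len = l;        /* may exceed the bytes that remain */
            return buf + i + 1;  /* may point at or past the buffer end */
        }
        i += 1 + l;
    }
    return NULL;
}

/* Checked form: an element whose value overruns the buffer is rejected. */
static const uint8_t *find_tag_checked(const uint8_t *buf, size_t len,
                                       uint8_t tag, size_t *out_len)
{
    size_t i = 0;
    if (buf == NULL || out_len == NULL)
        return NULL;
    while (i < len) {
        uint8_t t = buf[i] & 0xF0;
        size_t l = buf[i] & 0x0F;
        if (l > len - i - 1)     /* truncated element: stop parsing */
            return NULL;
        if (t == tag) {
            *out_len = l;
            return buf + i + 1;
        }
        i += 1 + l;
    }
    return NULL;
}
```

For the constructed 1-byte input 0x73, the unchecked form reports a 3-byte value starting one byte past the buffer, while the checked form returns NULL.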
Exploit
Fix
Buffer Over-read
Weakness Enumeration
Related Identifiers
Affected Products
Opensc