CVE-2026-10275
Description
A flaw has been found in OpenSC up to 0.26.1. This affects the function test_kpgen_certwrite of the file src/tools/pkcs11-tool.c of the component pkcs11-tool Key Generation Module. This manipulation causes buffer overflow. The attack is possible to be carried out remotely. The complexity of an attack is rather high. It is indicated that the exploitability is difficult. The exploit has been published and may be used. Patch name: 814f745b3b6d100295f65f1935edd33d520d33ab. It is recommended to apply a patch to fix this issue.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Mitigation details
CVE-2026-10275 NameCVE-2026-10275 DescriptionA flaw has been found in OpenSC up to 0.26.1. This affects the function test_kpgen_certwrite of the file src/tools/pkcs11-tool.c of the component pkcs11-tool Key Generation Module. This manipulation causes buffer overflow. The attack is possible to be carried out remotely. The complexity of an attack is rather high. It is indicated that theβ¦
CVE-2026-10275
| Name | CVE-2026-10275 |
| Description | A flaw has been found in OpenSC up to 0.26.1. This affects the function test_kpgen_certwrite of the file src/tools/pkcs11-tool.c of the component pkcs11-tool Key Generation Module. This manipulation causes buffer overflow. The attack is possible to be carried out remotely. The complexity of an attack is rather high. It is indicated that the exploitability is difficult. The exploit has been published and may be used. Patch name: 814f745b3b6d100295f65f1935edd33d520d33ab. It is recommended to apply a patch to fix this issue. |
| Source | CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| opensc (PTS) | bullseye | 0.21.0-1 | vulnerable |
| bullseye (security) | 0.21.0-1+deb11u1 | vulnerable | |
| bookworm | 0.23.0-0.3+deb12u2 | vulnerable | |
| trixie | 0.26.1-2 | vulnerable | |
| forky, sid | 0.27.1-1 | vulnerable |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| opensc | source | (unstable) | (unfixed) |
Notes
[trixie] - opensc <no-dsa> (Minor issue)
[bookworm] - opensc <no-dsa> (Minor issue)
https://github.com/OpenSC/OpenSC/issues/3682
https://github.com/OpenSC/OpenSC/pull/3684
https://github.com/OpenSC/OpenSC/commit/814f745b3b6d100295f65f1935edd33d520d33ab
Apply commands
[trixie] - opensc <no-dsa> (Minor issue)[bookworm] - opensc <no-dsa> (Minor issue)https://github.com/OpenSC/OpenSC/issues/3682https://github.com/OpenSC/OpenSC/pull/3684https://github.com/OpenSC/OpenSC/commit/814f745b3b6d100295f65f1935edd33d520d33abOS impact
Debian Affected 5 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Affected | β |
| sid | Affected | β |
| forky | Affected | β |
| bullseye | Affected | β |
| bookworm | Affected | β |
SUSE Affected 1 release
| Version | Status | Fixed in |
|---|---|---|
| β | Affected | β |
References
- https://github.com/OpenSC/OpenSC/
- https://github.com/OpenSC/OpenSC/commit/814f745b3b6d100295f65f1935edd33d520d33ab
- https://github.com/OpenSC/OpenSC/issues/3682
- https://github.com/OpenSC/OpenSC/pull/3684
- https://pan.baidu.com/s/1nrZPKDz2eAcCpsaFiIRlrg
- https://vuldb.com/cve/CVE-2026-10275
- https://vuldb.com/submit/825403
- https://vuldb.com/vuln/367568
- https://vuldb.com/vuln/367568/cti
- https://www.suse.com/security/cve/CVE-2026-10275.html
- https://security-tracker.debian.org/tracker/CVE-2026-10275
CWEs
CWE-119 CWE-120
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.