Software often contains bugs, and OpenSC is no exception. Be aware of the following security issues (in addition to the overall [[security considerations|Security-Considerations]]) and upgrade to the latest released version if needed.
- 24.11.2020 Heap buffer overflows have been detected in the smart card drivers for oberthur, TCOS and Gemsafe GPK, which can be triggered by a specially crafted smart card during the initialization of OpenSC (CVE-2020-26570, CVE-2020-26571 and CVE-2020-26572)
- 13.09.2018 Multiple issues have been identified in OpenSC, ranging from stack-based buffer overflows to out-of-bounds reads and writes on the heap. They can be triggered by malicious smart cards sending malformed responses to APDU commands. Source: X41-2018-002. Coded as CVE-2018-16391, CVE-2018-16392, CVE-2018-16393, CVE-2018-16418, CVE-2018-16419, CVE-2018-16420, CVE-2018-16421, CVE-2018-16422, CVE-2018-16423, CVE-2018-16424, CVE-2018-16425, CVE-2018-16426, CVE-2018-16427
- 17.12.2010 A rogue smart card, specially crafted for this purpose, can potentially be used to execute arbitrary code if inserted into a local machine. Source: MWR InfoSecurity Advisory, fix: 4913. Coded as CVE-2010-4523
- 07.05.2009 security advisory coded as CVE-2009-1603
- 26.02.2009 security advisory coded as CVE-2009-0368
- 27.08.2008 security advisory coded as CVE-2008-3972
- 31.07.2008 security advisory coded as CVE-2008-2235