#1139246 opensc: CVE-2026-10275

Package:
src:opensc
Source:
src:opensc
Submitter:
Salvatore Bonaccorso
Date:
2026-06-07 16:21:03 UTC
Severity:
normal
Tags:
#1139246#5
Date:
2026-06-07 15:39:34 UTC
From:
To:
Hi,

The following vulnerability was published for opensc.

CVE-2026-10275[0]:
| A flaw has been found in OpenSC up to 0.26.1. This affects the
| function test_kpgen_certwrite of the file src/tools/pkcs11-tool.c of
| the component pkcs11-tool Key Generation Module. This manipulation
| causes buffer overflow. The attack is possible to be carried out
| remotely. The complexity of an attack is rather high. It is
| indicated that the exploitability is difficult. The exploit has been
| published and may be used. Patch name:
| 814f745b3b6d100295f65f1935edd33d520d33ab. It is recommended to apply
| a patch to fix this issue.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-10275
https://www.cve.org/CVERecord?id=CVE-2026-10275
[1] https://github.com/OpenSC/OpenSC/issues/3682
[2] https://github.com/OpenSC/OpenSC/pull/3684
[3] https://github.com/OpenSC/OpenSC/commit/814f745b3b6d100295f65f1935edd33d520d33ab

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
#1139246#8
Date:
2026-06-07 15:58:00 UTC
From:
To:
Hello,

Bug #1139246 in opensc reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/opensc-team/opensc/-/commit/bcbd679dda7a884b0968eb708439def2c55882bf
------------------------------------------------------------------------
pkcs11-tool: prevent buffer overflow (Closes: #1139246, CVE-2026-10275)
------------------------------------------------------------------------

(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/1139246
#1139246#15
Date:
2026-06-07 16:18:43 UTC
From:
To:
We believe that the bug you reported is fixed in the latest version of
opensc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1139246@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bastian Germann <bage@debian.org> (supplier of updated opensc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Sun, 07 Jun 2026 17:57:13 +0200
Source: opensc
Architecture: source
Version: 0.27.1-2
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSC Maintainers <pkg-opensc-maint@lists.alioth.debian.org>
Changed-By: Bastian Germann <bage@debian.org>
Closes: 1139246
Changes:
 opensc (0.27.1-2) unstable; urgency=medium
 .
   * Team upload
   * pkcs11-tool: prevent buffer overflow (Closes: #1139246, CVE-2026-10275)
Checksums-Sha1:
 0de793d9fd823b1b681c28e3d1d69369cd464af9 2007 opensc_0.27.1-2.dsc
 71f02e22fbdb062583494b1b20197696a6175507 15816 opensc_0.27.1-2.debian.tar.xz
 53f8175bdb2e4d8c2ff7ec5ad00334223c63aa88 7209 opensc_0.27.1-2_source.buildinfo
Checksums-Sha256:
 934d8fc021b52fe4b7aaa416b3294017e52ecdc8b32bad9e021ab85844fc7bd1 2007 opensc_0.27.1-2.dsc
 ff7ff648366e43669c89efba3ae99fa09b7d256b5fb4f59b69a8b32162be6377 15816 opensc_0.27.1-2.debian.tar.xz
 6e7404f6aa84928ddb3943452804e9591443deb313b93ed8dc15ebb7eda1e4da 7209 opensc_0.27.1-2_source.buildinfo
Files:
 c650dbe91fff25e6595a7a92f5f73285 2007 utils optional opensc_0.27.1-2.dsc
 3ffbc6adbd9cae791e33f79a7920f96d 15816 utils optional opensc_0.27.1-2.debian.tar.xz
 a9d7a357fdd2a02cfb34e7a6d74fac74 7209 utils optional opensc_0.27.1-2_source.buildinfo
-----BEGIN PGP SIGNATURE-----

iQHEBAEBCgAuFiEEQGIgyLhVKAI3jM5BH1x6i0VWQxQFAmollRYQHGJhZ2VAZGVi
aWFuLm9yZwAKCRAfXHqLRVZDFLO5DADst0lAcs+7zVf0fUd1RqPC8hbGJvZbnTua
5gd83V8RNy+vTlvYN5WACeWbUiPIVU08RiXuJ1zccJMF8m6KP2ifg3aYpN2JVq83
VJHv2nXpV477Cr75EHy1JpxOT3WMAkM/S/5J/Kdc31Xfi0zHN9T7kJpdAvm7Dmhq
Xe26KhRnQO8Zvz/J70bpz9yux4H40CNDH7zoSlDgoG6lF2SJPBMJ5Bhml4veyRSt
eYdNPF9B6+V1BK9gr9we1qYX+7GFA6EkB0tZTKFvZjowAUv7Cj7wKLuQdOKyXSBF
LPC+OhtoBJu3QlqZH2Qg+l4FPIyViZoIHqsiIFyxZwidZILHZfSkn6ph3vGvhcZD
82MdaVbvvX2sxJ8Df/2XubFB+9h57s/7IIynr2QBPQ37vZEgWDvXjuI7oDpUDPkL
obYb01SVButeQXSPTJdhlGYCbd6IylYdZ7+V87UGbD21bXFY8VE2C4sHHTgRrHCT
k+yeMzZCFloiSVf86m0KWJkEE1uff78=
=CWSC
-----END PGP SIGNATURE-----