CLSA-2026-1779190223

Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2026-1779190223.json
JSON Data
https://api.osv.dev/v1/vulns/CLSA-2026-1779190223
Upstream
Published
2026-05-19T11:30:52Z
Modified
2026-06-01T00:32:34.147791695Z
Summary
opensc: Fix of 5 CVEs
Details
  • CVE-2023-5992: implement constant-time PKCS#1 v1.5 depadding to prevent Bleichenbacher/Marvin-style timing attacks
  • CVE-2025-49010: fix stack buffer overflow write in iso7816 GET RESPONSE
  • CVE-2025-66037: fix out-of-bounds heap read in sc_pkcs15_pubkey_from_spki_fields
  • CVE-2025-66038: fix buffer over-read in sc_compacttlv_find_tag
  • CVE-2025-66215: fix stack buffer overflow write in card-oberthur auth_compute_signature and auth_read_record
References

Affected packages

TuxCare:AlmaLinux:9.2 / opensc

Package

Name
opensc
Purl
pkg:rpm/tuxcare/opensc?distro=almalinux-9.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.22.0-2.el9_2.tuxcare.els5

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2026-1779190223.json"