hardenedlinux · citypw · Sep 26, 2024
diff --git a/OpenSC-security-advisories.md b/OpenSC-security-advisories.md
@@ -16,6 +16,7 @@ Software often contains bugs, so does OpenSC. Be aware of the following security
 * 25.09.2023 Multiple issues have been identified in OpenSC, mostly buffer overflows, but also potential PIN bypass.
   * The memory issues can be triggered by malicious smartcards sending malformed responses to APDU commands. Coded as ([CVE-2023-40661](CVE-2023-40661) and [CVE-2023-4535](CVE-2023-4535)).
   * The potential PIN bypass can happen when card tracks its own login state, demonstrated with Yubikey's PIV applet [CVE-2023-40660](CVE-2023-40660)
+* 30.05.2023 A security flaw in the pkcs15 cardos_have_verifyrc_package function allows an attacker to supply a malformed ASN1 context, potentially causing a heap-based buffer out-of-bounds read, information leak, or further damage [CVE-2023-2977](https://github.com/advisories/GHSA-p22r-5f28-437x)
 * 20.10.2021 Multiple issues have been identified in OpenSC, including heap double free, use after free/return, and buffer overflows. They can be triggered by malicious smartcards sending malformed responses to APDU commands. Coded as ([CVE-2021-42778](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4277), [CVE-2021-42779](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42779), [CVE-2021-42780](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42780) and [CVE-2021-42781](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42782))
 * 24.11.2020 Heap buffer overflows have been detected in the smart card drivers for oberthur, TCOS and Gemsafe GPK, which can be triggered by a specially crafted smart card during the initialization of OpenSC ([CVE-2020-26570](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26570), [CVE-2020-26571](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26571) and [CVE-2020-26572](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26572))
 * [13.09.2018](https://sourceforge.net/p/opensc/mailman/message/36414448/) Multiple issues have been identified in OpenSC, ranging from stack based buffer overflows to out of bounds reads and writes on the heap. They can be triggered by malicious smartcards sending malformed responses to APDU commands. Source: [X41-2018-002](https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/). Coded as [CVE-2018-16391](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16391), [CVE-2018-16392](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16392), [CVE-2018-16393](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16393), [CVE-2018-16418](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16418), [CVE-2018-16419](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16419), [CVE-2018-16420](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16420), [CVE-2018-16421](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16421), [CVE-2018-16422](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16422), [CVE-2018-16423g](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16423), [CVE-2018-16424](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16424), [CVE-2018-16425](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16425), [CVE-2018-16426](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16426) and [CVE-2018-16427](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16427)