OpenSC: `sc_compacttlv_find_tag` can return out-of-bounds pointers — CVE-2025-66038

Summary

Advisory CVE-2025-66038. OpenSC: `sc_compacttlv_find_tag` can return out-of-bounds pointers Vendor: Microsoft. Source: MSRC. Threat: low. CVSS 3.9. See the official advisory for details.

What to do

General, cautious steps (verify details in the official source):

• Review exposure and plan remediation based on risk and environment.
• Identify affected product versions in your inventory and verify whether you are impacted.
• Apply vendor patches/updates or recommended mitigations as soon as available.
• Read the official advisory for exact affected versions and remediation steps.

Official advisory

Read the official source

Related advisories

• Mariner CVE-2026-21715
• Mariner CVE-2026-21716
• OpenSC: Out of Bounds vulnerability CVE-2025-66037
• OpenSC: Stack-buffer-overflow WRITE in card-oberthur CVE-2025-66215
• OpenSC: Stack-buffer-overflow WRITE in GET RESPONSE CVE-2025-49010
• Libssh: libssh: denial of service via improper configuration file handling CVE-2026-0965
• Libssh: libssh: denial of service via inefficient regular expression processing CVE-2026-0967
• Mariner CVE-2025-70888
• Orc discount Markdown markdown.c compile recursion CVE-2026-4833
• NGINX ngx_mail_proxy_module vulnerability CVE-2026-28753
• Libsoup: libsoup: header and http request injection via crlf injection CVE-2026-3633
• Libsoup: libsoup: http header injection and response splitting via crlf injection in content-type header CVE-2026-3634