CVE-2010-4523 [High] | Memory Corruption in Opensc

CVE-2010-4523 is rated High Exploit Risk (63.1/100): CVSS High severity, with medium exploitation likelihood (EPSS 0.86%). 5 public exploit reference(s) are indexed (Exploit-DB). Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

EDB-ID	Source	Kind	Link
—	nvd_ref	exploit_tag	Exploit-DB ↗
—	nvd_ref	exploit_tag	Exploit-DB ↗
—	nvd_ref	exploit_tag	Exploit-DB ↗
—	nvd_ref	exploit_tag	Exploit-DB ↗
—	nvd_ref	exploit_tag	Exploit-DB ↗

EDB-ID

Source

Kind

Published

Link

—

nvd_ref

exploit_tag

Exploit-DB ↗

—

nvd_ref

exploit_tag

Exploit-DB ↗

—

nvd_ref

exploit_tag

Exploit-DB ↗

—

nvd_ref

exploit_tag

Exploit-DB ↗

—

nvd_ref

exploit_tag

Exploit-DB ↗

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-06-15	0.28%	0.86%	+0.58%
2	2024-12-17	0.21%	0.28%	+0.07%
3	2023-03-07	—	0.21%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2026-06-15

0.28%

0.86%

+0.58%

2024-12-17

0.21%

0.28%

+0.07%

2023-03-07

—

0.21%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
7.2	2.0	HIGH	`AV:L/AC:L/Au:N/C:C/I:C/A:C` Click to expand Access vector (AV:L) Requires local access to the target system. Access complexity (AC:L) Exploitation conditions are straightforward and predictable. Authentication (AU:N) No authentication is required. Confidentiality impact (C:C) Complete confidentiality impact. Integrity impact (I:C) Complete integrity impact. Availability impact (A:C) Complete availability impact.	3.9	10.0	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

7.2

2.0

HIGH

AV:L/AC:L/Au:N/C:C/I:C/A:C Click to expand

Access vector (AV:L): Requires local access to the target system.
Access complexity (AC:L): Exploitation conditions are straightforward and predictable.
Authentication (AU:N): No authentication is required.
Confidentiality impact (C:C): Complete confidentiality impact.
Integrity impact (I:C): Complete integrity impact.
Availability impact (A:C): Complete availability impact.

3.9

10.0

[email protected]

OS Trackers for CVE-2010-4523

vendor	priority	summary	link
`debian`	low	CVE-2010-4523 low priority: Debian including 1 source packages (opensc), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5.	https://security-tracker.debian.org/tracker/CVE-2010-4523
`gentoo`	normal	CVE-2010-4523: 1 GLSA(s) (201401-18), 1 atom(s) (dev-libs/opensc); latest impact normal.	https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2010-4523
`suse`	high	CVE-2010-4523 severity important: SUSE including 14 source package names (libopensc2-0.11.6-5.27.1, libopensc2-32bit-0.11.6-5.27.1, …), 28 product×package rows across 24 product lines (SUSE Linux Enterprise Desktop 12, SUSE Linux Enterprise Desktop 12 SP1, … (24 product lines)): Fixed 24, Known Not Affected 4.	https://www.suse.com/security/cve/CVE-2010-4523/
`ubuntu`	medium	CVE-2010-4523 medium priority: Ubuntu including 1 source packages (opensc), 6 status rows across 6 suites (dapper, hardy, karmic, lucid, maverick, upstream): released 5, ignored 1.	https://ubuntu.com/security/CVE-2010-4523

Affected software / configurations for CVE-2010-4523

Vendor	Product	Version	Raw CPE
opensc-project	opensc	<= 0.11.13	cpe:2.3:a:opensc-project:opensc::::::::
opensc-project	opensc	0.3.2	cpe:2.3:a:opensc-project:opensc:0.3.2:::::::*
opensc-project	opensc	0.3.5	cpe:2.3:a:opensc-project:opensc:0.3.5:::::::*
opensc-project	opensc	0.4.0	cpe:2.3:a:opensc-project:opensc:0.4.0:::::::*
opensc-project	opensc	0.5.0	cpe:2.3:a:opensc-project:opensc:0.5.0:::::::*
opensc-project	opensc	0.6.0	cpe:2.3:a:opensc-project:opensc:0.6.0:::::::*
opensc-project	opensc	0.6.1	cpe:2.3:a:opensc-project:opensc:0.6.1:::::::*
opensc-project	opensc	0.7.0	cpe:2.3:a:opensc-project:opensc:0.7.0:::::::*
opensc-project	opensc	0.8	cpe:2.3:a:opensc-project:opensc:0.8:::::::*
opensc-project	opensc	0.8.0	cpe:2.3:a:opensc-project:opensc:0.8.0:::::::*
opensc-project	opensc	0.8.0.0	cpe:2.3:a:opensc-project:opensc:0.8.0.0:::::::*
opensc-project	opensc	0.8.1	cpe:2.3:a:opensc-project:opensc:0.8.1:::::::*
opensc-project	opensc	0.9	cpe:2.3:a:opensc-project:opensc:0.9:::::::*
opensc-project	opensc	0.9.2	cpe:2.3:a:opensc-project:opensc:0.9.2:::::::*
opensc-project	opensc	0.9.3	cpe:2.3:a:opensc-project:opensc:0.9.3:::::::*
opensc-project	opensc	0.9.4	cpe:2.3:a:opensc-project:opensc:0.9.4:::::::*
opensc-project	opensc	0.9.5	cpe:2.3:a:opensc-project:opensc:0.9.5:::::::*
opensc-project	opensc	0.9.6	cpe:2.3:a:opensc-project:opensc:0.9.6:::::::*
opensc-project	opensc	0.9.7	cpe:2.3:a:opensc-project:opensc:0.9.7:::::::*
opensc-project	opensc	0.9.7	cpe:2.3:a:opensc-project:opensc:0.9.7:b::::::
opensc-project	opensc	0.9.7	cpe:2.3:a:opensc-project:opensc:0.9.7:d::::::
opensc-project	opensc	0.9.8	cpe:2.3:a:opensc-project:opensc:0.9.8:::::::*
opensc-project	opensc	0.10.0	cpe:2.3:a:opensc-project:opensc:0.10.0:::::::*
opensc-project	opensc	0.10.1	cpe:2.3:a:opensc-project:opensc:0.10.1:::::::*
opensc-project	opensc	0.11.0	cpe:2.3:a:opensc-project:opensc:0.11.0:::::::*
opensc-project	opensc	0.11.1	cpe:2.3:a:opensc-project:opensc:0.11.1:::::::*
opensc-project	opensc	0.11.2	cpe:2.3:a:opensc-project:opensc:0.11.2:::::::*
opensc-project	opensc	0.11.3	cpe:2.3:a:opensc-project:opensc:0.11.3:::::::*
opensc-project	opensc	0.11.3	cpe:2.3:a:opensc-project:opensc:0.11.3:pre3::::::
opensc-project	opensc	0.11.4	cpe:2.3:a:opensc-project:opensc:0.11.4:::::::*
opensc-project	opensc	0.11.5	cpe:2.3:a:opensc-project:opensc:0.11.5:::::::*
opensc-project	opensc	0.11.6	cpe:2.3:a:opensc-project:opensc:0.11.6:::::::*
opensc-project	opensc	0.11.7	cpe:2.3:a:opensc-project:opensc:0.11.7:::::::*
opensc-project	opensc	0.11.8	cpe:2.3:a:opensc-project:opensc:0.11.8:::::::*
opensc-project	opensc	0.11.9	cpe:2.3:a:opensc-project:opensc:0.11.9:::::::*
opensc-project	opensc	0.11.10	cpe:2.3:a:opensc-project:opensc:0.11.10:::::::*
opensc-project	opensc	0.11.11	cpe:2.3:a:opensc-project:opensc:0.11.11:::::::*
opensc-project	opensc	0.11.12	cpe:2.3:a:opensc-project:opensc:0.11.12:::::::*

References for CVE-2010-4523

URL	Tags
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607427	Exploit Patch
http://labs.mwrinfosecurity.com/files/Advisories/mwri_opensc-get-serial-buffer-overflow_2010-12-13.pdf	Exploit Patch
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052777.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052796.html
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://openwall.com/lists/oss-security/2010/12/21/2	Exploit Patch
http://openwall.com/lists/oss-security/2010/12/22/3	Exploit Patch
http://secunia.com/advisories/42658	Vendor Advisory
http://secunia.com/advisories/42807	Vendor Advisory
http://secunia.com/advisories/43068
http://www.h-online.com/open/news/item/When-a-smart-card-can-root-your-computer-1154829.html	Patch
http://www.mandriva.com/security/advisories?name=MDVSA-2011:011
http://www.securityfocus.com/bid/45435
http://www.vupen.com/english/advisories/2011/0009	Vendor Advisory
http://www.vupen.com/english/advisories/2011/0109
http://www.vupen.com/english/advisories/2011/0212
https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483	Patch
https://bugzilla.redhat.com/show_bug.cgi?id=664831	Exploit Patch
https://www.opensc-project.org/opensc/changeset/4913	Patch

URL

CVE-2010-4523

Public exploit references (Exploit-DB) for CVE-2010-4523

Exploit prediction scoring system (EPSS) score for CVE-2010-4523

Common vulnerability scoring system (CVSS) metrics for CVE-2010-4523

Weakness enumeration for CVE-2010-4523

OS Trackers for CVE-2010-4523

Affected software / configurations for CVE-2010-4523

References for CVE-2010-4523