Multiple vulnerabilities in OpenSC pam_pkcs11

1) NULL pointer dereference

EUVDB-ID: #VU106021

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-24031

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in pam_get_pwd. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

pam_pkcs11: 0.5.2 - 0.6.12

CPE2.3

• cpe:2.3:a:opensc:pam_pkcs11:0.5.2:*:*:*:*:*:*:*
• cpe:2.3:a:opensc:pam_pkcs11:0.5.3:*:*:*:*:*:*:*
• cpe:2.3:a:opensc:pam_pkcs11:0.6.0:*:*:*:*:*:*:*

External links

https://github.com/OpenSC/pam_pkcs11/blob/bb2e3f3a95e44fdf44b0d5a4b377db3179021380/src/pam_pkcs11/pam_pkcs11.c#L211
https://github.com/OpenSC/pam_pkcs11/blob/bb2e3f3a95e44fdf44b0d5a4b377db3179021380/src/pam_pkcs11/pam_pkcs11.c#L797
https://github.com/OpenSC/pam_pkcs11/security/advisories/GHSA-wvr3-c9x3-9mff

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper authentication

EUVDB-ID: #VU106020

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-24531

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an incorrect error handling during authentication requests. A remote attacker can bypass authentication process and gain unauthorized access to the application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

pam_pkcs11: 0.6.12

CPE2.3

• cpe:2.3:a:opensc:pam_pkcs11:0.6.12:*:*:*:*:*:*:*

External links

https://github.com/OpenSC/pam_pkcs11/security/advisories/GHSA-7mf6-rg36-qgch

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper authentication

EUVDB-ID: #VU106019

Risk: High

CVSSv4.0: 6.9 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-24032

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to the default cert_policy value is set to "none". A remote attacker can forge a token and bypass authentication process.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

pam_pkcs11: 0.5.2 - 0.6.12

CPE2.3

• cpe:2.3:a:opensc:pam_pkcs11:0.5.2:*:*:*:*:*:*:*
• cpe:2.3:a:opensc:pam_pkcs11:0.5.3:*:*:*:*:*:*:*
• cpe:2.3:a:opensc:pam_pkcs11:0.6.0:*:*:*:*:*:*:*

External links

https://github.com/OpenSC/pam_pkcs11/commit/470263258d1ac59c5eade439c4d9caba0097e6e6
https://github.com/OpenSC/pam_pkcs11/commit/b665b287ff955bbbd9539252ff9f9e2754c3fb48
https://github.com/OpenSC/pam_pkcs11/commit/d9530167966a77115db6e885d459382a2e52ee9e
https://github.com/OpenSC/pam_pkcs11/releases/tag/pam_pkcs11-0.6.13
https://github.com/OpenSC/pam_pkcs11/security/advisories/GHSA-8r8p-7mgp-vf56
https://lists.debian.org/debian-lts-announce/2025/02/msg00021.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.