sc-hsm buffer overflow for keys > 2k
Testing, LowPublic
Actions

Assigned To

None

Authored By

	• werner
	Thu, Apr 30, 9:49 AM

Description

Reported on 2026-04-27 by Ciwan Öztopal:

The bug is in the SmartCard-HSM driver in scd/app-sc-hsm.c. The decrypt
path uses a fixed stack buffer:
unsigned char p1blk[256];
but derives the effective RSA block size from card metadata:
p1blklen = prkdf->keysize >> 3;
The key size is parsed from the card's PrKDF metadata and is not bounded to
the size of the destination stack buffer. For RSA-4096, p1blklen becomes

The subsequent memcpy then writes beyond p1blk[256].

[...]

To exploit this bug a 4k RSA card must be used. Thus it is not remotely exploitable and requires access to a reader controlled by GnuPG. I consider the severity as medium.

Revisions and Commits

rG GnuPG
	rG8a3cfb65e033 scd:sc-hsm: Avoid buffer overflow with cards providing RSA > 2k.

Related Objects
Search...

		Status	Assigned	Task
		Open	None	T6097 SC-HSM 4K Compatibility
		Testing	None	T8244 sc-hsm buffer overflow for keys > 2k

Event Timeline

• werner triaged this task as Low priority.Thu, Apr 30, 9:49 AM

• werner created this task.

• werner changed the task status from Open to Testing.Thu, Apr 30, 9:55 AM

• werner moved this task from Backlog to WIP on the gnupg26 board.

• werner added a commit: rG8a3cfb65e033: scd:sc-hsm: Avoid buffer overflow with cards providing RSA > 2k..Thu, Apr 30, 9:55 AM

pl13 added a subscriber: pl13.Thu, Apr 30, 9:58 AM

sc-hsm buffer overflow for keys > 2kTesting, LowPublicActions

Description

Revisions and Commits

Related ObjectsSearch...

Event Timeline

sc-hsm buffer overflow for keys > 2k
Testing, LowPublic
Actions

Related Objects
Search...