Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2024-1454

Опубликовано: 12 фев. 2024
Источник: debian
EPSS Низкий

Описание

The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or smart card to present the system with specially crafted responses to the APDUs, which are considered high complexity and low severity. This manipulation can allow for compromised card management operations during enrolment.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
openscfixed0.25.0~rc1-1package
openscfixed0.23.0-0.3+deb12u2bookwormpackage
openscno-dsabusterpackage

Примечания

  • https://bugzilla.redhat.com/show_bug.cgi?id=2263929

  • https://github.com/OpenSC/OpenSC/wiki/CVE-2024-1454

  • Fixed by: https://github.com/OpenSC/OpenSC/commit/5835f0d4f6c033bd58806d33fa546908d39825c9

EPSS

Процентиль: 19%
0.00061
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2024-1454

CVSS3: 3.4
ubuntu
больше 1 года назад

The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or smart card to present the system with specially crafted responses to the APDUs, which are considered high complexity and low severity. This manipulation can allow for compromised card management operations during enrolment.

redhat логотип

CVE-2024-1454

CVSS3: 3.4
redhat
больше 1 года назад

The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or smart card to present the system with specially crafted responses to the APDUs, which are considered high complexity and low severity. This manipulation can allow for compromised card management operations during enrolment.

nvd логотип

CVE-2024-1454

CVSS3: 3.4
nvd
больше 1 года назад

The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or smart card to present the system with specially crafted responses to the APDUs, which are considered high complexity and low severity. This manipulation can allow for compromised card management operations during enrolment.

msrc логотип

CVE-2024-1454

CVSS3: 3.4
msrc
4 месяца назад

Описание отсутствует

redos логотип

ROS-20240422-01

CVSS3: 4.5
redos
около 1 года назад

Уязвимость opensc

EPSS

Процентиль: 19%
0.00061
Низкий