exploitDog

CVE-2024-1454

Published: 12 Feb 2024
Source: redhat
CVSS3: 3.4
EPSS: Low

Description

The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occurring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or smart card to present the system with specially crafted responses to the APDUs, which are considered high complexity and low severity. This manipulation can allow for compromised card management operations during enrolment.

Statement

The opensc package versions, as shipped with Red Hat Enterprise Linux 7, 8, and 9, are not affected by this vulnerability, as the vulnerable upstream source code was not backported to any of these products.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | opensc | Not affected | | |
| Red Hat Enterprise Linux 8 | opensc | Not affected | | |
| Red Hat Enterprise Linux 9 | opensc | Not affected | | |

Additional information

Status: Low
Defect: CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=2263929 (opensc: Memory use after free in AuthentIC driver when updating token info)

EPSS: 0.00061 (percentile: 19%), Low

CVSS3: 3.4 Low

Related vulnerabilities

CVSS3: 3.4
ubuntu
more than 1 year ago

The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occurring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or smart card to present the system with specially crafted responses to the APDUs, which are considered high complexity and low severity. This manipulation can allow for compromised card management operations during enrolment.

CVSS3: 3.4
nvd
more than 1 year ago

The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occurring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or smart card to present the system with specially crafted responses to the APDUs, which are considered high complexity and low severity. This manipulation can allow for compromised card management operations during enrolment.

CVSS3: 3.4
msrc
4 months ago

No description available

CVSS3: 3.4
debian
more than 1 year ago

The use-after-free vulnerability was found in the AuthentIC driver in ...

CVSS3: 4.5
redos
about 1 year ago

opensc vulnerability
