Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-45616

Опубликовано: 02 сент. 2024
Источник: redhat
CVSS3: 3.9

Описание

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. The following problems were caused by insufficient control of the response APDU buffer and its length when communicating with the card.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 7openscFix deferred
Red Hat Enterprise Linux 8openscFix deferred
Red Hat Enterprise Linux 9openscFix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-457
https://bugzilla.redhat.com/show_bug.cgi?id=2309290libopensc: Uninitialized values after incorrect check or usage of APDU response values in libopensc

3.9 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2024-45616

CVSS3: 3.9
ubuntu
10 месяцев назад

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. The following problems were caused by insufficient control of the response APDU buffer and its length when communicating with the card.

nvd логотип

CVE-2024-45616

CVSS3: 3.9
nvd
10 месяцев назад

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. The following problems were caused by insufficient control of the response APDU buffer and its length when communicating with the card.

debian логотип

CVE-2024-45616

CVSS3: 3.9
debian
10 месяцев назад

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, min ...

github логотип

GHSA-2mjg-798r-mxwh

CVSS3: 3.9
github
10 месяцев назад

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.

fstec логотип

BDU:2024-11093

CVSS3: 3.9
fstec
10 месяцев назад

Уязвимость утилиты персонализации смарт-карт pkcs15-init и библиотеки libopensc набора программных инструментов и библиотек для работы со смарт-картами OpenSC, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

3.9 Low

CVSS3