Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-45617

Опубликовано: 02 сент. 2024
Источник: redhat
CVSS3: 3.9
EPSS Низкий

Описание

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 7openscFix deferred
Red Hat Enterprise Linux 8openscFix deferred
Red Hat Enterprise Linux 9openscFix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-457
https://bugzilla.redhat.com/show_bug.cgi?id=2309286libopensc: Uninitialized values after incorrect or missing checking return values of functions in libopensc

EPSS

Процентиль: 17%
0.00054
Низкий

3.9 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2024-45617

CVSS3: 3.9
ubuntu
10 месяцев назад

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized.

nvd логотип

CVE-2024-45617

CVSS3: 3.9
nvd
10 месяцев назад

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized.

debian логотип

CVE-2024-45617

CVSS3: 3.9
debian
10 месяцев назад

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, min ...

github логотип

GHSA-cf2w-h975-2fpg

CVSS3: 3.9
github
10 месяцев назад

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.

fstec логотип

BDU:2024-11092

CVSS3: 3.9
fstec
10 месяцев назад

Уязвимость утилиты персонализации смарт-карт pkcs15-init и библиотеки libopensc набора программных инструментов и библиотек для работы со смарт-картами OpenSC, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

EPSS

Процентиль: 17%
0.00054
Низкий

3.9 Low

CVSS3