Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-45619

Опубликовано: 02 сент. 2024
Источник: redhat
CVSS3: 4.3
EPSS Низкий

Описание

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 7openscFix deferred
Red Hat Enterprise Linux 8openscFix deferred
Red Hat Enterprise Linux 9openscFix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-120
https://bugzilla.redhat.com/show_bug.cgi?id=2309288libopensc: Incorrect handling length of buffers or files in libopensc

EPSS

Процентиль: 20%
0.00063
Низкий

4.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2024-45619

CVSS3: 4.3
ubuntu
10 месяцев назад

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.

nvd логотип

CVE-2024-45619

CVSS3: 4.3
nvd
10 месяцев назад

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.

debian логотип

CVE-2024-45619

CVSS3: 4.3
debian
10 месяцев назад

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, min ...

github логотип

GHSA-9vxw-3j77-cj78

CVSS3: 3.9
github
10 месяцев назад

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.

fstec логотип

BDU:2024-11088

CVSS3: 4.3
fstec
10 месяцев назад

Уязвимость утилиты персонализации смарт-карт pkcs15-init и библиотеки libopensc набора программных инструментов и библиотек для работы со смарт-картами OpenSC, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

EPSS

Процентиль: 20%
0.00063
Низкий

4.3 Medium

CVSS3