Описание
A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the pkcs15-init tool may lead to out-of-bound rights, possibly resulting in arbitrary code execution.
Отчет
As this flaw requires physical access and has a high complexity level to be exploited, it has been considered a Low severity vulnerability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | opensc | Fix deferred | ||
| Red Hat Enterprise Linux 7 | opensc | Fix deferred | ||
| Red Hat Enterprise Linux 8 | opensc | Fix deferred | ||
| Red Hat Enterprise Linux 9 | opensc | Fix deferred |
Показывать по
Дополнительная информация
Статус:
2.9 Low
CVSS3
Связанные уязвимости
A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the `pkcs15-init` tool may lead to out-of-bound rights, possibly resulting in arbitrary code execution.
A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the `pkcs15-init` tool may lead to out-of-bound rights, possibly resulting in arbitrary code execution.
Libopensc: heap buffer overflow in openpgp driver when generating key
A heap-based buffer overflow vulnerability was found in the libopensc ...
A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the `pkcs15-init` tool may lead to out-of-bound rights, possibly resulting in arbitrary code execution.
2.9 Low
CVSS3