Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-8443

Опубликовано: 04 сент. 2024
Источник: redhat
CVSS3: 2.9

Описание

A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the pkcs15-init tool may lead to out-of-bound rights, possibly resulting in arbitrary code execution.

Отчет

As this flaw requires physical access and has a high complexity level to be exploited, it has been considered a Low severity vulnerability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10openscFix deferred
Red Hat Enterprise Linux 7openscFix deferred
Red Hat Enterprise Linux 8openscFix deferred
Red Hat Enterprise Linux 9openscFix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-122
https://bugzilla.redhat.com/show_bug.cgi?id=2310494libopensc: Heap buffer overflow in OpenPGP driver when generating key

2.9 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2024-8443

CVSS3: 2.9
ubuntu
около 1 года назад

A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the `pkcs15-init` tool may lead to out-of-bound rights, possibly resulting in arbitrary code execution.

nvd логотип

CVE-2024-8443

CVSS3: 2.9
nvd
около 1 года назад

A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the `pkcs15-init` tool may lead to out-of-bound rights, possibly resulting in arbitrary code execution.

debian логотип

CVE-2024-8443

CVSS3: 2.9
debian
около 1 года назад

A heap-based buffer overflow vulnerability was found in the libopensc ...

github логотип

GHSA-mgc5-p43f-72pc

CVSS3: 3.4
github
около 1 года назад

A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the `pkcs15-init` tool may lead to out-of-bound rights, possibly resulting in arbitrary code execution.

fstec логотип

BDU:2024-11083

CVSS3: 2.9
fstec
больше 1 года назад

Уязвимость функции openpgp_generate_key_rsa() утилиты персонализации смарт-карт pkcs15-init набора программных инструментов и библиотек для работы со смарт-картами OpenSC, позволяющая нарушителю обойти ограничения безопасности и выполнить произвольный код

2.9 Low

CVSS3