Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-8443

Опубликовано: 04 сент. 2024
Источник: redhat
CVSS3: 2.9
EPSS Низкий

Описание

A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the pkcs15-init tool may lead to out-of-bound rights, possibly resulting in arbitrary code execution.

Отчет

As this flaw requires physical access and has a high complexity level to be exploited, it has been considered a Low severity vulnerability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 7openscFix deferred
Red Hat Enterprise Linux 8openscFix deferred
Red Hat Enterprise Linux 9openscFix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-122
https://bugzilla.redhat.com/show_bug.cgi?id=2310494libopensc: Heap buffer overflow in OpenPGP driver when generating key

EPSS

Процентиль: 13%
0.00043
Низкий

2.9 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2024-8443

CVSS3: 2.9
ubuntu
10 месяцев назад

A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the `pkcs15-init` tool may lead to out-of-bound rights, possibly resulting in arbitrary code execution.

nvd логотип

CVE-2024-8443

CVSS3: 2.9
nvd
10 месяцев назад

A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the `pkcs15-init` tool may lead to out-of-bound rights, possibly resulting in arbitrary code execution.

debian логотип

CVE-2024-8443

CVSS3: 2.9
debian
10 месяцев назад

A heap-based buffer overflow vulnerability was found in the libopensc ...

github логотип

GHSA-mgc5-p43f-72pc

CVSS3: 3.4
github
10 месяцев назад

A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the `pkcs15-init` tool may lead to out-of-bound rights, possibly resulting in arbitrary code execution.

fstec логотип

BDU:2024-11083

CVSS3: 2.9
fstec
около 1 года назад

Уязвимость функции openpgp_generate_key_rsa() утилиты персонализации смарт-карт pkcs15-init набора программных инструментов и библиотек для работы со смарт-картами OpenSC, позволяющая нарушителю обойти ограничения безопасности и выполнить произвольный код

EPSS

Процентиль: 13%
0.00043
Низкий

2.9 Low

CVSS3