Описание
A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | |
| esm-apps/bionic | released | 0.17.0-3ubuntu0.1~esm2 |
| esm-apps/focal | released | 0.20.0-3ubuntu0.1~esm4 |
| esm-apps/jammy | released | 0.22.0-1ubuntu2+esm1 |
| esm-apps/noble | released | 0.25.0~rc1-1ubuntu0.1~esm1 |
| esm-apps/xenial | released | 0.15.0-1ubuntu1+esm2 |
| focal | ignored | end of standard support, was needed |
| jammy | needed | |
| noble | needed | |
| oracular | released | 0.25.1-2ubuntu1.1 |
Показывать по
Ссылки на источники
3.9 Low
CVSS3
Связанные уязвимости
A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized.
A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized.
A vulnerability was found in pkcs15-init in OpenSC. An attacker could ...
A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.
Уязвимость утилиты персонализации смарт-карт pkcs15-init набора программных инструментов и библиотек для работы со смарт-картами OpenSC, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
3.9 Low
CVSS3