A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs.
The following problems were caused by insufficient control of the response APDU buffer and its length when communicating with the card.
Metrics
Affected Vendors & Products
References
History
Fri, 13 Sep 2024 19:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Opensc Project
Opensc Project opensc |
|
Weaknesses | CWE-908 | |
CPEs | cpe:2.3:a:opensc_project:opensc:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* |
|
Vendors & Products |
Opensc Project
Opensc Project opensc |
Wed, 04 Sep 2024 18:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed. | A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. The following problems were caused by insufficient control of the response APDU buffer and its length when communicating with the card. |
Wed, 04 Sep 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 03 Sep 2024 21:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | No description is available for this CVE. | A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed. |
Title | libopensc: Uninitialized values after incorrect check or usage of APDU response values in libopensc | Libopensc: uninitialized values after incorrect check or usage of apdu response values in libopensc |
First Time appeared |
Redhat
Redhat enterprise Linux |
|
CPEs | cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9 |
|
Vendors & Products |
Redhat
Redhat enterprise Linux |
|
References |
|
Mon, 02 Sep 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | No description is available for this CVE. | |
Title | libopensc: Uninitialized values after incorrect check or usage of APDU response values in libopensc | |
Weaknesses | CWE-457 | |
References |
| |
Metrics |
threat_severity
|
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2024-09-03T21:20:22.459Z
Updated: 2024-09-14T03:14:22.836Z
Reserved: 2024-09-02T18:28:35.895Z
Link: CVE-2024-45616
Vulnrichment
Updated: 2024-09-04T13:30:17.536Z
NVD
Status : Analyzed
Published: 2024-09-03T22:15:04.893
Modified: 2024-09-13T19:21:11.507
Link: CVE-2024-45616
Redhat