A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. The following problems were caused by insufficient control of the response APDU buffer and its length when communicating with the card.
History

Fri, 13 Sep 2024 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Opensc Project
Opensc Project opensc
Weaknesses CWE-908
CPEs cpe:2.3:a:opensc_project:opensc:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Vendors & Products Opensc Project
Opensc Project opensc

Wed, 04 Sep 2024 18:00:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed. A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. The following problems were caused by insufficient control of the response APDU buffer and its length when communicating with the card.

Wed, 04 Sep 2024 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 03 Sep 2024 21:30:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE. A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.
Title libopensc: Uninitialized values after incorrect check or usage of APDU response values in libopensc Libopensc: uninitialized values after incorrect check or usage of apdu response values in libopensc
First Time appeared Redhat
Redhat enterprise Linux
CPEs cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
References

Mon, 02 Sep 2024 21:15:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE.
Title libopensc: Uninitialized values after incorrect check or usage of APDU response values in libopensc
Weaknesses CWE-457
References
Metrics threat_severity

None

cvssV3_1

{'score': 3.9, 'vector': 'CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L'}

threat_severity

Low


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-09-03T21:20:22.459Z

Updated: 2024-09-14T03:14:22.836Z

Reserved: 2024-09-02T18:28:35.895Z

Link: CVE-2024-45616

cve-icon Vulnrichment

Updated: 2024-09-04T13:30:17.536Z

cve-icon NVD

Status : Analyzed

Published: 2024-09-03T22:15:04.893

Modified: 2024-09-13T19:21:11.507

Link: CVE-2024-45616

cve-icon Redhat

Severity : Low

Publid Date: 2024-09-02T00:00:00Z

Links: CVE-2024-45616 - Bugzilla