A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized.
History

Fri, 13 Sep 2024 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Opensc Project
Opensc Project opensc
Weaknesses CWE-908
CPEs cpe:2.3:a:opensc_project:opensc:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Vendors & Products Opensc Project
Opensc Project opensc

Wed, 04 Sep 2024 18:00:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed. A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized.

Wed, 04 Sep 2024 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 03 Sep 2024 21:30:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE. A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.
Title libopensc: Uninitialized values after incorrect or missing checking return values of functions in libopensc Libopensc: uninitialized values after incorrect or missing checking return values of functions in libopensc
First Time appeared Redhat
Redhat enterprise Linux
CPEs cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
References

Mon, 02 Sep 2024 21:15:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE.
Title libopensc: Uninitialized values after incorrect or missing checking return values of functions in libopensc
Weaknesses CWE-457
References
Metrics threat_severity

None

cvssV3_1

{'score': 3.9, 'vector': 'CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L'}

threat_severity

Low


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-09-03T21:20:53.782Z

Updated: 2024-09-14T03:14:23.199Z

Reserved: 2024-09-02T18:28:35.895Z

Link: CVE-2024-45617

cve-icon Vulnrichment

Updated: 2024-09-04T13:29:31.834Z

cve-icon NVD

Status : Analyzed

Published: 2024-09-03T22:15:05.107

Modified: 2024-09-13T19:21:08.633

Link: CVE-2024-45617

cve-icon Redhat

Severity : Low

Publid Date: 2024-09-02T00:00:00Z

Links: CVE-2024-45617 - Bugzilla