A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the `pkcs15-init` tool may lead to out-of-bound rights, possibly resulting in arbitrary code execution.
Metrics
Affected Vendors & Products
References
History
Tue, 10 Sep 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 10 Sep 2024 13:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | No description is available for this CVE. | A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the `pkcs15-init` tool may lead to out-of-bound rights, possibly resulting in arbitrary code execution. |
Title | libopensc: Heap buffer overflow in OpenPGP driver when generating key | Libopensc: heap buffer overflow in openpgp driver when generating key |
First Time appeared |
Redhat
Redhat enterprise Linux |
|
CPEs | cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9 |
|
Vendors & Products |
Redhat
Redhat enterprise Linux |
|
References |
|
Fri, 06 Sep 2024 23:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | No description is available for this CVE. | |
Title | libopensc: Heap buffer overflow in OpenPGP driver when generating key | |
Weaknesses | CWE-122 | |
References |
| |
Metrics |
threat_severity
|
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2024-09-10T13:16:51.146Z
Updated: 2024-09-10T14:47:45.126Z
Reserved: 2024-09-04T21:43:13.770Z
Link: CVE-2024-8443
Vulnrichment
Updated: 2024-09-10T14:47:41.046Z
NVD
Status : Awaiting Analysis
Published: 2024-09-10T14:15:13.440
Modified: 2024-09-10T15:50:57.713
Link: CVE-2024-8443
Redhat