Libopensc: pkcs15init: usage of uninitialized values in libopensc and pkcs15init

CVE-2024-45615

3.9LOW

Key Information

Vendor: Red Hat
Status: Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9
Vendor: CVE Published:; 3 September 2024

Summary

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. The problem is missing initialization of variables expected to be initialized (as arguments to other functions, etc.).

CVSS V3.1

Score:

3.9

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Physical

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: null to: 3.9 - (LOW)
Sep 14, 2024
Vulnerability published.
Sep 3, 2024
Reported to Red Hat.
Sep 2, 2024

Collectors

NVD DatabaseMitre Database

Credit

Red Hat would like to thank Matteo Marini (Sapienza University of Rome) for reporting this issue.