Libopensc: uninitialized values after incorrect or missing checking return values of functions in libopensc

CVE-2024-45617

3.9LOW

Key Information

Vendor: Red Hat
Status: Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9
Vendor: CVE Published:; 3 September 2024

Summary

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized.

CVSS V3.1

Score:

3.9

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Physical

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: null to: 3.9 - (LOW)
Sep 14, 2024
Vulnerability published.
Sep 3, 2024
Reported to Red Hat.
Sep 2, 2024

Collectors

NVD DatabaseMitre Database

Credit

Red Hat would like to thank Matteo Marini (Sapienza University of Rome) for reporting this issue.