Libopensc: uninitialized values after incorrect or missing checking return values of functions in pkcs15init

CVE-2024-45618
3.9LOW

Key Information

Vendor
Red Hat
Status
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 9
Vendor
CVE Published:
3 September 2024

Summary

A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized.

CVSS V3.1

Score:
3.9
Severity:
LOW
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Physical
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Risk change from: null to: 3.9 - (LOW)

  • Vulnerability published.

  • Reported to Red Hat.

Collectors

NVD DatabaseMitre Database

Credit

Red Hat would like to thank Matteo Marini (Sapienza University of Rome) for reporting this issue.
.