Libopensc: incorrect handling of the length of buffers or files in pkcs15init

CVE-2024-45620

3.9LOW

Key Information

Vendor: Red Hat
Status: Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9
Vendor: CVE Published:; 3 September 2024

Summary

A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.

CVSS V3.1

Score:

3.9

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Physical

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: 6.8 to: 3.9 - (LOW)
Sep 19, 2024
Vulnerability published.
Sep 3, 2024
Reported to Red Hat.
Sep 2, 2024

Collectors

NVD DatabaseMitre Database

Credit

Red Hat would like to thank Matteo Marini (Sapienza University of Rome) for reporting this issue.