Heap-based buffer overflow vulnerability in libopensc OpenPGP driver could lead to arbitrary code execution

CVE-2024-8443

2.9LOW

Key Information

Vendor: Red Hat
Status: Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9
Vendor: CVE Published:; 10 September 2024

Summary

A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the `pkcs15-init` tool may lead to out-of-bound rights, possibly resulting in arbitrary code execution.

CVSS V3.1

Score:

2.9

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Physical

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Risk change from: null to: 3.4 - (LOW)
Sep 26, 2024
Vulnerability published.
Sep 10, 2024
Reported to Red Hat.
Sep 6, 2024
Vulnerability Reserved.
Sep 4, 2024

Collectors

NVD DatabaseMitre Database