CVE-2024-45616
published 2024-09-03

Severity: low, 3.9 (CVSS 3.1)
Vector: AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. The following problems were caused by insufficient control of the response APDU buffer and its length when communicating with the card.

Affected

18 ranges
| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| debian | opensc | < opensc 0.23.0-0.3+deb12u2 (bookworm) | opensc 0.23.0-0.3+deb12u2 (bookworm) |
| opensc_project | opensc | < 0.26.0 | 0.26.0 |
| opensc_project | opensc | >= 0 < 0.21.0-1+deb11u1 | 0.21.0-1+deb11u1 |
| opensc_project | opensc | >= 0 < 0.23.0-0.3+deb12u2 | 0.23.0-0.3+deb12u2 |
| opensc_project | opensc | >= 0 < 0.25.1-2.1 | 0.25.1-2.1 |
| opensc_project | opensc | >= 0 < 0.25.1-2.1 | 0.25.1-2.1 |
| opensc_project | opensc | >= 0 < 0.15.0-1ubuntu1+esm3 | 0.15.0-1ubuntu1+esm3 |
| opensc_project | opensc | >= 0 < 0.15.0-1ubuntu1+esm2 | 0.15.0-1ubuntu1+esm2 |
| opensc_project | opensc | >= 0 < 0.17.0-3ubuntu0.1~esm3 | 0.17.0-3ubuntu0.1~esm3 |
| opensc_project | opensc | >= 0 < 0.17.0-3ubuntu0.1~esm2 | 0.17.0-3ubuntu0.1~esm2 |
| opensc_project | opensc | >= 0 < 0.20.0-3ubuntu0.1~esm3 | 0.20.0-3ubuntu0.1~esm3 |
| opensc_project | opensc | >= 0 < 0.20.0-3ubuntu0.1~esm4 | 0.20.0-3ubuntu0.1~esm4 |
| opensc_project | opensc | >= 0 < 0.20.0-3ubuntu0.1~esm2 | 0.20.0-3ubuntu0.1~esm2 |
| opensc_project | opensc | >= 0 < 0.22.0-1ubuntu2+esm1 | 0.22.0-1ubuntu2+esm1 |
| opensc_project | opensc | >= 0 < 0.25.0~rc1-1ubuntu0.1~esm1 | 0.25.0~rc1-1ubuntu0.1~esm1 |
| redhat | enterprise_linux | | |
| redhat | enterprise_linux | | |
| redhat | enterprise_linux | | |

CVSS provenance

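| Source | CVSS version | Score | Severity | Vector |
| --- | --- | --- | --- | --- |
| nvd | v3.1 | 3.9 | LOW | CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L |
| osv | | 5.3 | MEDIUM | |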