CVE-2024-45618Use of Uninitialized Variable in Project Opensc

CWE-457Use of Uninitialized VariableCWE-908Use of Uninitialized Resource8 documents7 sources
Severity
3.9LOWNVD
EPSS
0.1%
top 69.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Opensc Project OpenscRedhat Enterprise Linux
Timeline
PublishedSep 3
Latest updateApr 9

Description

A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized.

CVSS vector

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 0.5 | Impact: 3.4

Affected Packages2 packages

NVDopensc_project/opensc< 0.26.0
Debianopensc_project/opensc< 0.21.0-1+deb11u1+3

Also affects: Enterprise Linux 7.0, 8.0, 9.0

🔴Vulnerability Details

3
GHSA
GHSA-f2v6-mw6x-qmwc: A vulnerability was found in pkcs15-init in OpenSC2024-09-04
CVEList
Libopensc: uninitialized values after incorrect or missing checking return values of functions in pkcs15init2024-09-03
OSV
CVE-2024-45618: A vulnerability was found in pkcs15-init in OpenSC2024-09-03

📋Vendor Advisories

4
Ubuntu
OpenSC vulnerabilities2025-04-09
Ubuntu
OpenSC vulnerabilities2025-03-12
Red Hat
libopensc: Uninitialized values after incorrect or missing checking return values of functions in pkcs15init2024-09-02
Debian
CVE-2024-45618: opensc - A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a craf...2024
CVE-2024-45618 — Use of Uninitialized Variable | cvebase