CVE-2024-45620
published 2024-09-03CVE-2024-45620: A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a…
low3.9CVSS 3.1
AVPACHPRNUINSUCLILAL
A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | opensc | < opensc 0.23.0-0.3+deb12u2 (bookworm) | opensc 0.23.0-0.3+deb12u2 (bookworm) |
| opensc_project | opensc | < 0.26.0 | 0.26.0 |
| opensc_project | opensc | >= 0 < 0.21.0-1+deb11u1 | 0.21.0-1+deb11u1 |
| opensc_project | opensc | >= 0 < 0.23.0-0.3+deb12u2 | 0.23.0-0.3+deb12u2 |
| opensc_project | opensc | >= 0 < 0.25.1-2.1 | 0.25.1-2.1 |
| opensc_project | opensc | >= 0 < 0.25.1-2.1 | 0.25.1-2.1 |
| opensc_project | opensc | >= 0 < 0.15.0-1ubuntu1+esm3 | 0.15.0-1ubuntu1+esm3 |
| opensc_project | opensc | >= 0 < 0.15.0-1ubuntu1+esm2 | 0.15.0-1ubuntu1+esm2 |
| opensc_project | opensc | >= 0 < 0.17.0-3ubuntu0.1~esm3 | 0.17.0-3ubuntu0.1~esm3 |
| opensc_project | opensc | >= 0 < 0.17.0-3ubuntu0.1~esm2 | 0.17.0-3ubuntu0.1~esm2 |
| opensc_project | opensc | >= 0 < 0.20.0-3ubuntu0.1~esm3 | 0.20.0-3ubuntu0.1~esm3 |
| opensc_project | opensc | >= 0 < 0.20.0-3ubuntu0.1~esm4 | 0.20.0-3ubuntu0.1~esm4 |
| opensc_project | opensc | >= 0 < 0.20.0-3ubuntu0.1~esm2 | 0.20.0-3ubuntu0.1~esm2 |
| opensc_project | opensc | >= 0 < 0.22.0-1ubuntu2+esm1 | 0.22.0-1ubuntu2+esm1 |
| opensc_project | opensc | >= 0 < 0.25.0~rc1-1ubuntu0.1~esm1 | 0.25.0~rc1-1ubuntu0.1~esm1 |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
CVSS provenance
nvdv3.13.9LOWCVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
osv5.3MEDIUM