CVE-2024-45620Classic Buffer Overflow in Project Opensc

CWE-120Classic Buffer Overflow8 documents7 sources
Severity
3.9LOWNVD
EPSS
0.1%
top 74.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Opensc Project OpenscRedhat Enterprise Linux
Timeline
PublishedSep 3
Latest updateApr 9

Description

A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.

CVSS vector

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 0.5 | Impact: 3.4

Affected Packages2 packages

NVDopensc_project/opensc< 0.26.0
Debianopensc_project/opensc< 0.21.0-1+deb11u1+3

Also affects: Enterprise Linux 7.0, 8.0, 9.0

🔴Vulnerability Details

3
GHSA
GHSA-9c2g-6v5v-57qg: A vulnerability was found in the pkcs15-init tool in OpenSC2024-09-04
CVEList
Libopensc: incorrect handling of the length of buffers or files in pkcs15init2024-09-03
OSV
CVE-2024-45620: A vulnerability was found in the pkcs15-init tool in OpenSC2024-09-03

📋Vendor Advisories

4
Ubuntu
OpenSC vulnerabilities2025-04-09
Ubuntu
OpenSC vulnerabilities2025-03-12
Red Hat
libopensc: Incorrect handling of the length of buffers or files in pkcs15init2024-09-02
Debian
CVE-2024-45620: opensc - A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could u...2024
CVE-2024-45620 — Classic Buffer Overflow | cvebase