cbcvebase.
CVE-2024-8443
published 2024-09-10

CVE-2024-8443: A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs…

low2.9CVSS 3.1
AVPACHPRNUIRSUCLILAN
A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the `pkcs15-init` tool may lead to out-of-bound rights, possibly resulting in arbitrary code execution.

Affected

19 ranges
VendorProductVersion rangeFixed in
debianopensc< opensc 0.23.0-0.3+deb12u2 (bookworm)opensc 0.23.0-0.3+deb12u2 (bookworm)
msrcazl3_opensc_0.25.1-4_on_azure_linux_3.0
msrccbl2_opensc_0.23.0-5_on_cbl_mariner_2.0
opensc_projectopensc>= 0 < 0.21.0-1+deb11u10.21.0-1+deb11u1
opensc_projectopensc>= 0 < 0.23.0-0.3+deb12u20.23.0-0.3+deb12u2
opensc_projectopensc>= 0 < 0.25.1-2.10.25.1-2.1
opensc_projectopensc>= 0 < 0.25.1-2.10.25.1-2.1
opensc_projectopensc>= 0 < 0.15.0-1ubuntu1+esm30.15.0-1ubuntu1+esm3
opensc_projectopensc>= 0 < 0.15.0-1ubuntu1+esm20.15.0-1ubuntu1+esm2
opensc_projectopensc>= 0 < 0.17.0-3ubuntu0.1~esm30.17.0-3ubuntu0.1~esm3
opensc_projectopensc>= 0 < 0.17.0-3ubuntu0.1~esm20.17.0-3ubuntu0.1~esm2
opensc_projectopensc>= 0 < 0.20.0-3ubuntu0.1~esm30.20.0-3ubuntu0.1~esm3
opensc_projectopensc>= 0 < 0.20.0-3ubuntu0.1~esm40.20.0-3ubuntu0.1~esm4
opensc_projectopensc>= 0 < 0.20.0-3ubuntu0.1~esm20.20.0-3ubuntu0.1~esm2
opensc_projectopensc>= 0 < 0.22.0-1ubuntu2+esm10.22.0-1ubuntu2+esm1
opensc_projectopensc>= 0 < 0.25.0~rc1-1ubuntu0.1~esm10.25.0~rc1-1ubuntu0.1~esm1
redhatenterprise_linux
redhatenterprise_linux
redhatenterprise_linux

CVSS provenance

nvdv3.12.9LOWCVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
osv5.3MEDIUM