The vulnerability of the openpgpGenerateKeyRsa() function in the personalization utility for smart cards PKCS15-INIT is a flaw in the software and library tools used to work with OpenSC smart cards. This vulnerability allows a perpetrator to circumvent security restrictions and execute arbitrary code.

🗓️ 12 Dec 2024 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

Flaw in key generation of the smart card personalization tool enables arbitrary code execution.

Reporter	Title	Published	Views	Family All 80
Tenable Nessus	Amazon Linux 2023 : opensc (ALAS2023-2024-775)	11 Dec 202400:00	–	nessus
Tenable Nessus	Debian dla-4004 : opensc - security update	28 Dec 202400:00	–	nessus
Tenable Nessus	SUSE SLES12 Security Update : opensc (SUSE-SU-2024:3443-1)	26 Sep 202400:00	–	nessus
Tenable Nessus	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : opensc (SUSE-SU-2024:3444-1)	26 Sep 202400:00	–	nessus
Tenable Nessus	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : opensc (SUSE-SU-2024:3445-1)	26 Sep 202400:00	–	nessus
Tenable Nessus	TencentOS Server 4: opensc (TSSA-2024:0894)	16 Jun 202500:00	–	nessus
Tenable Nessus	Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : OpenSC vulnerabilities (USN-7346-1)	12 Mar 202500:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2024-8443	6 Mar 202500:00	–	nessus
Amazon	Low: opensc	12 Dec 202400:00	–	amazon
Amazon	Low: opensc	12 Dec 202400:00	–	amazon

Vulners

Node

opensc openscRange0.25.1–0.26.0

OR

red_hat red_hat_enterprise_linuxMatch7

OR

red_hat red_hat_enterprise_linuxMatch8

OR

red_hat red_hat_enterprise_linuxMatch9

Source	Link
access	www.access.redhat.com/security/cve/CVE-2024-8443
github	www.github.com/OpenSC/OpenSC/wiki/CVE-2024-8443
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-8443
redos	www.redos.red-soft.ru/support/secure/
github	www.github.com/OpenSC/OpenSC/commit/02e847458369c08421fd2d5e9a16a5f272c2de9e
github	www.github.com/OpenSC/OpenSC/commit/b28a3cef416fcfb92fbb9ea7fd3c71df52c6c9fc
issues	www.issues.oss-fuzz.com/issues/42535468
github	www.github.com/OpenSC/OpenSC/pull/3219
redos	www.redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-opensc-111224/
altsp	www.altsp.su/obnovleniya-bezopasnosti/

29 Oct 2025 00:00Current

7High risk

Vulners AI Score7

CVSS 22.6

CVSS 32.9

EPSS0.00194

key generation flaw smart card personalization tool security bypass arbitrary code execution memory operation