CVE-2024-8443

🗓️ 10 Sep 2024 13:16:51Reported by redhatType

A heap-based buffer overflow vulnerability in libopensc OpenPGP driver may lead to arbitrary code execution with crafted USB device or smart card during card enrollment process

Reporter	Title	Published	Views	Family All 79
Tenable Nessus	Amazon Linux 2023 : opensc (ALAS2023-2024-775)	11 Dec 202400:00	–	nessus
Tenable Nessus	Debian dla-4004 : opensc - security update	28 Dec 202400:00	–	nessus
Tenable Nessus	SUSE SLES12 Security Update : opensc (SUSE-SU-2024:3443-1)	26 Sep 202400:00	–	nessus
Tenable Nessus	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : opensc (SUSE-SU-2024:3444-1)	26 Sep 202400:00	–	nessus
Tenable Nessus	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : opensc (SUSE-SU-2024:3445-1)	26 Sep 202400:00	–	nessus
Tenable Nessus	TencentOS Server 4: opensc (TSSA-2024:0894)	16 Jun 202500:00	–	nessus
Tenable Nessus	Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : OpenSC vulnerabilities (USN-7346-1)	12 Mar 202500:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2024-8443	6 Mar 202500:00	–	nessus
Amazon	Low: opensc	12 Dec 202400:00	–	amazon
Amazon	Low: opensc	12 Dec 202400:00	–	amazon

NVD

Node

opensc_project openscMatch-

Node

redhat enterprise_linuxMatch7.0

redhat enterprise_linuxMatch8.0

redhat enterprise_linuxMatch9.0

[
  {
    "versions": [
      {
        "status": "affected",
        "version": "0.26.0",
        "lessThan": "0.26.0",
        "versionType": "semver"
      }
    ],
    "packageName": "opensc",
    "collectionURL": "https://github.com/OpenSC/OpenSC",
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 10",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "opensc",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:10"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "opensc",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "opensc",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "opensc",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9"
    ]
  }
]

Source	Link
access	www.access.redhat.com/security/cve/CVE-2024-8443
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
lists	www.lists.debian.org/debian-lts-announce/2024/12/msg00026.html

07 Nov 2025 00:36Current

4.7Medium risk

Vulners AI Score4.7

CVSS 3.12.9

EPSS0.00194

SSVC