CVE-2024-45619

2024-09-0322:15:05

CWE-120

[email protected]

web.nvd.nist.gov

opensc

pkcs#11 module

ctk

usb device

smart card

buffer overflow

CVSS3

6.8

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

22.3%

JSON

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.

Affected configurations

Nvd

Node

redhatenterprise_linuxMatch7.0

redhatenterprise_linuxMatch8.0

redhatenterprise_linuxMatch9.0

VendorProductVersionCPE
redhatenterprise_linux7.0cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
redhatenterprise_linux8.0cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
redhatenterprise_linux9.0cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
redhat	enterprise_linux	7.0	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
redhat	enterprise_linux	8.0	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
redhat	enterprise_linux	9.0	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*