Lucene search

GoogleOSV:CVE-2024-45617

HistorySep 03, 2024 - 10:15 p.m.

CVE-2024-45617

2024-09-0322:15:05

Google

osv.dev

vulnerability

opensc

pkcs#11

usb device

smart card

apdus

return values

initialization

CVSS3

3.9

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

6.6

Confidence

Low

JSON

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs.

Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized.

References

access.redhat.com/security/cve/CVE-2024-45617

bugzilla.redhat.com/show_bug.cgi?id=2309286

security-tracker.debian.org/tracker/CVE-2024-45617

CVSS3

3.9

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

6.6

Confidence

Low

JSON

Related for OSV:CVE-2024-45617