GoogleOSV:SUSE-SU-2024:3444-1Security update for opensc
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
AI Score
Confidence
High
EPSS
Percentile
13.4%
This update for opensc fixes the following issues:
- CVE-2024-45620: Incorrect handling of the length of buffers or files in pkcs15init. (bsc#1230076)
- CVE-2024-45619: Incorrect handling length of buffers or files in libopensc. (bsc#1230075)
- CVE-2024-45618: Uninitialized values after incorrect or missing checking return values of functions in pkcs15init. (bsc#1230074)
- CVE-2024-45617: Uninitialized values after incorrect or missing checking return values of functions in libopensc. (bsc#1230073)
- CVE-2024-45616: Uninitialized values after incorrect check or usage of APDU response values in libopensc. (bsc#1230072)
- CVE-2024-45615: Usage of uninitialized values in libopensc and pkcs15init. (bsc#1230071)
- CVE-2024-8443: Heap buffer overflow in OpenPGP driver when generating key. (bsc#1230364)
References
bugzilla.suse.com/1217722
bugzilla.suse.com/1230071
bugzilla.suse.com/1230072
bugzilla.suse.com/1230073
bugzilla.suse.com/1230074
bugzilla.suse.com/1230075
bugzilla.suse.com/1230076
bugzilla.suse.com/1230364
www.suse.com/security/cve/CVE-2024-45615
www.suse.com/security/cve/CVE-2024-45616
www.suse.com/security/cve/CVE-2024-45617
www.suse.com/security/cve/CVE-2024-45618
www.suse.com/security/cve/CVE-2024-45619
www.suse.com/security/cve/CVE-2024-45620
www.suse.com/security/cve/CVE-2024-8443
www.suse.com/support/update/announcement/2024/suse-su-20243444-1/
Related
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
AI Score
Confidence
High
EPSS
Percentile
13.4%