Lucene search

Redhat.comRH:CVE-2024-8443

HistorySep 06, 2024 - 8:10 p.m.

CVE-2024-8443

2024-09-0620:10:58

redhat.com

access.redhat.com

cve-2024-8443

information not available

CVSS3

3.4

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

4.9

Confidence

High

EPSS

Percentile

9.6%

JSON

A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the pkcs15-init tool may lead to out-of-bound rights, possibly resulting in arbitrary code execution.

References

bugzilla.redhat.com/show_bug.cgi?id=2310494

nvd.nist.gov/vuln/detail/CVE-2024-8443

www.cve.org/CVERecord?id=CVE-2024-8443

CVSS3

3.4

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

4.9

Confidence

High

EPSS

Percentile

9.6%

JSON

Related for RH:CVE-2024-8443