8 matches found
CLSA-2026-1778493745 opensc: Fix of 5 CVEs
CVE-2024-45615: initialize uninitialized variables passed as arguments - CVE-2024-45616: fix insufficient control of APDU response buffer length - CVE-2024-45617: check return values to avoid uninitialized variable use - CVE-2024-45618: check return values in pkcs15-init to avoid uninitialized...
CLSA-2025-1766598218 opensc: Fix of 4 CVEs
CVE-2024-45616: fix insufficient control of APDU buffer and its length - CVE-2024-45615: initialize uninitialized variables - CVE-2024-45617: fix insufficient or missing checking of return values - CVE-2024-45620: fix incorrect handling length of buffers or files in pkcs15init...
AZL-48768 CVE-2024-45616 affecting package opensc 0.23.0-5
A vulnerability was found in OpenSC, OpenSC tools, PKCS11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. The following problems were caused by insufficient control of the response AP...
CVE-2023-51773
BACnet Stack before 1.3.2 has a decode function APDU buffer over-read in bacapp_decode_application_data in bacapp.c...
CVE-2023-51773
BACnet Stack before 1.3.2 has a decode function APDU buffer over-read in bacapp_decode_application_data in bacapp.c...
CVE-2023-51773
BACnet Stack before 1.3.2 has a decode function APDU buffer over-read in bacapp_decode_application_data in bacapp.c...
Design/Logic Flaw
BACnet Stack before 1.3.2 has a decode function APDU buffer over-read in bacapp_decode_application_data in bacapp.c...
CVE-2023-51773
BACnet Stack before 1.3.2 is affected by a decode function APDU buffer over-read in bacapp_decode_application_data (bacapp.c). The vulnerability affects BACnet Stack prior to version 1.3.2 and can impact confidentiality and availability due to a buffer over-read. No explicit exploitation details ...