Veracode Vulnerability Database, VERACODE:45466
History: Feb 13, 2024 - 8:15 a.m.

Use After Free

2024-02-13 08:15:40
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
vulnerability
libopensc.so
authentic_emu_update_tokeninfo
memory
use-after-free

CVSS3: 3.4 Low
Attack Vector: PHYSICAL
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score: 6.8 Medium (Confidence: High)
EPSS: 0.0004 Low (Percentile: 10.4%)

libopensc.so is vulnerable to Use After Free. The vulnerability occurs when a user or administrator enrolls or modifies cards. The authentic_emu_update_tokeninfo function in pkcs15-authentic.c frees memory only if the sc_get_challenge function does not return an error, potentially leaving allocated memory unmanaged upon failure and creating a use-after-free vulnerability.
