Lucene search

RedhatVULNRICHMENT:CVE-2024-8443

HistorySep 10, 2024 - 1:16 p.m.

CVE-2024-8443 Libopensc: heap buffer overflow in openpgp driver when generating key

2024-09-1013:16:51

CWE-122

redhat

github.com

cve-2024-8443

libopensc

usb device

smart card

apdu

pkcs15-init

card enrollment

arbitrary code execution

CVSS3

3.4

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

8.4

Confidence

Low

EPSS

Percentile

9.6%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the pkcs15-init tool may lead to out-of-bound rights, possibly resulting in arbitrary code execution.

References

access.redhat.com/security/cve/CVE-2024-8443

bugzilla.redhat.com/show_bug.cgi?id=2310494

CVSS3

3.4

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

8.4

Confidence

Low

EPSS

Percentile

9.6%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2024-8443