Back

CVE-2024-45619

Sept. 3, 2024, 10:15 p.m.

Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

OpenSC

PKCS#11 module

minidriver

CTK

Source

secalert@redhat.com

Tags

secalert@redhat.com
CWE-120
2024-09-03
CVE-2024-45619

CVE-2024-45619 details

Published : Sept. 3, 2024, 10:15 p.m.
Last Modified : Sept. 3, 2024, 10:15 p.m.

Description

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.

CVSS Score

1 2 3.9 4 5 6 7 8 9 10

Weakness

Weakness Name Description
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

CVSS Data

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

Base Score

3.9

Exploitability Score

0.5

Impact Score

3.4

Base Severity

LOW

Vector String : CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

References

URL Source
https://access.redhat.com/security/cve/CVE-2024-45619 secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2309288 secalert@redhat.com
This website uses the NVD API, but is not approved or certified by it.