Products : libopensc
Source : secalert@redhat.com
CVE-2024-8443 details
Published : Sept. 10, 2024, 2:15 p.m.
Last Modified : Sept. 10, 2024, 3:50 p.m.
Description
A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the `pkcs15-init` tool may lead to out-of-bounds writes, possibly resulting in arbitrary code execution.
CVSS Score
3.4
Weakness
Weakness | Name | Description |
---|---|---|
CWE-122 | Heap-based Buffer Overflow | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). |
CVSS Data
Attack Vector : PHYSICAL
Attack Complexity : HIGH
Privileges Required : NONE
Scope : CHANGED
Confidentiality Impact : LOW
Integrity Impact : LOW
Availability Impact : NONE
Base Score : 3.4
Exploitability Score : 0.4
Impact Score : 2.7
Base Severity : LOW
Vector String : CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
References
URL | Source |
---|---|
https://access.redhat.com/security/cve/CVE-2024-8443 | secalert@redhat.com |
https://bugzilla.redhat.com/show_bug.cgi?id=2310494 | secalert@redhat.com |