Vulnerabilities > CVE-2024-45616 - Use of Uninitialized Resource vulnerability in multiple products

CVSS 3.9 - LOW

Attack vector

PHYSICAL

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

LOW

high complexity

redhat

opensc-project

CWE-908

NVD

Published: 2024-09-03

Updated: 2024-09-13

Summary

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. The following problems were caused by insufficient control of the response APDU buffer and its length when communicating with the card.

Vulnerable Configurations

Part	Description	Count
OS	Redhat Redhat Enterprise Linux 7.0 Redhat Enterprise Linux 8.0 Redhat Enterprise Linux 9.0	3
Application	Opensc_Project Opensc Project Opensc 0.2.0 Opensc Project Opensc 0.3.0 Opensc Project Opensc 0.3.1 Opensc Project Opensc 0.12.2 Opensc Project Opensc 0.13.0 Opensc Project Opensc 0.14.0 Opensc Project Opensc 0.15.0 Opensc Project Opensc 0.16.0 Opensc Project Opensc 0.17.0 Opensc Project Opensc 0.18.0 Opensc Project Opensc 0.19.0 Opensc Project Opensc 0.20.0 Opensc Project Opensc 0.21.0 Opensc Project Opensc 0.22.0 Opensc Project Opensc 0.23.0 Opensc Project Opensc 0.24.0	49

Common Weakness Enumeration (CWE)

CWE-908 - Use of Uninitialized Resource

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References