CVE-2024-45616 · CVEKit

cve.orgen

358 chars

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. The following problems were caused by insufficient control of the response APDU buffer and its length when communicating with the card.

NVDen

358 chars

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. The following problems were caused by insufficient control of the response APDU buffer and its length when communicating with the card.

NVDes

395 chars

Se encontró una vulnerabilidad en OpenSC, herramientas OpenSC, módulo PKCS#11, minidriver y CTK. Un atacante podría usar un dispositivo USB o una tarjeta inteligente manipulada específicamente para presentar al sistema una respuesta especialmente manipulada a las APDU. Cuando los búferes están parcialmente llenos de datos, se puede acceder incorrectamente a las partes inicializadas del búfer.

CVSS metrics across sources

4

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	3.9	—	—	CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
3.1	Primary	cve.org	3.9	—	—	CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L