redhat·CWE-457·Published 2024-09-03
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. The following problems were caused by insufficient control of the response APDU buffer and its length when communicating with the card.
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a specially crafted USB device or smart card to present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.

| CVSS Version | Type | Source | Base Score | Exploitability | Impact | Vector |
|---|---|---|---|---|---|---|
| 3.1 | Primary | cve.org | 3.9 | — | — | CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L |
| 3.1 | Primary | NVD | 3.9 | 0.5 | 3.4 | CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L |
| 3.1 | Secondary | NVD | 3.9 | 0.5 | 3.4 | CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L |