A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart…
redhat·CWE-457·Published 2024-09-03
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized.
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized.
Se encontró una vulnerabilidad en OpenSC, herramientas OpenSC, módulo PKCS#11, minidriver y CTK. Un atacante podría usar un dispositivo USB o una tarjeta inteligente manipulada específicamente para presentar al sistema una respuesta especialmente manipulada a las APDU. Cuando los búferes están parcialmente llenos de datos, se puede acceder incorrectamente a las partes inicializadas del búfer.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 3.1 | Primary | cve.org | 3.9 | — | — | CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L |
| 3.1 | Primary | cve.org | 3.9 | — | — | CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L |
| 3.1 | Primary | NVD | 3.9 | 0.5 | 3.4 | CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L |
| 3.1 | Secondary | NVD | 3.9 | 0.5 | 3.4 | CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L |