CVE-2024-45619
MEDIUM EPSS 21.7%
Published Sep 3, 20241y ago · Modified Jun 17, 20261w ago
4.3 CVSS 3.1
Published Sep 3, 2024 1y ago
Last Modified Jun 17, 2026 1w ago
Description
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Attack Vector Physical
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality Low
Integrity Low
Availability Low
Threat Intelligence
EPSS Exploit Probability
21.7% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-120
Affected Products 4
| Vendor | Product | Version | Range |
|---|---|---|---|
| redhat | enterprise_linux | 7.0 | any |
| redhat | enterprise_linux | 8.0 | any |
| redhat | enterprise_linux | 9.0 | any |
| opensc_project | opensc | * | <0.26.0 |
References 3
- access.redhat.com https://access.redhat.com/security/cve/CVE-2024-45619
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2309288
- lists.debian.org https://lists.debian.org/debian-lts-announce/2024/12/msg00026.html
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.