CVE Catalog

CVE-2024-45615

LowCVSS 3.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.36%

27th percentile — higher than 27% of all known CVEs

Summary

In OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK, there is a missing initialization of variables that are expected to be initialized before being used as arguments to other functions. This can lead to unpredictable behavior or potential security issues.

Risk Assessment

Uninitialized variables can cause unexpected application behavior, potentially allowing an attacker to exploit memory errors or gain access to sensitive data.

Recommendation

It is recommended to immediately update OpenSC to the latest version that includes fixes for variable initialization. Also review the configuration and ensure all components are up to date.

Original NVD description (English source)

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. The problem is missing initialization of variables expected to be initialized (as arguments to other functions, etc.).

Vulnerability data from NVD (NIST) · CISA KEV · EPSS