CVE-2024-45620
LowCVSS 3.9Exploitation Probability (EPSS)
Low risk21th percentile — higher than 21% of all known CVEs
Summary
A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs, leading to incorrect access to initialized parts of the buffer when buffers are partially filled with data.
Risk Assessment
The risk involves potential remote or physical attacks on systems using OpenSC for smart card handling, which could lead to data integrity breaches or privilege escalation.
Recommendation
It is recommended to immediately update the OpenSC library to the latest version that includes a fix for CVE-2024-45620. Additionally, restrict the use of untrusted USB devices and smart cards.
Original NVD description (English source)
A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.

