CVE Catalog

CVE-2024-45620

LowCVSS 3.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.29%

21th percentile — higher than 21% of all known CVEs

Summary

A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs, leading to incorrect access to initialized parts of the buffer when buffers are partially filled with data.

Risk Assessment

The risk involves potential remote or physical attacks on systems using OpenSC for smart card handling, which could lead to data integrity breaches or privilege escalation.

Recommendation

It is recommended to immediately update the OpenSC library to the latest version that includes a fix for CVE-2024-45620. Additionally, restrict the use of untrusted USB devices and smart cards.

Original NVD description (English source)

A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS