CVE-2024-8443
LowCVSS 2.9Exploitation Probability (EPSS)
Low risk23th percentile — higher than 23% of all known CVEs
Summary
A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to APDUs during card enrollment using pkcs15-init may lead to out-of-bounds access, potentially allowing arbitrary code execution.
Risk Assessment
An attacker could exploit this vulnerability to execute arbitrary code in the context of the application using libopensc, potentially leading to system compromise or credential theft.
Recommendation
Immediately update the OpenSC library to a patched version. Restrict the use of pkcs15-init to trusted devices and cards only.
Original NVD description (English source)
A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the `pkcs15-init` tool may lead to out-of-bound rights, possibly resulting in arbitrary code execution.

