Description
A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.
Problem types
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Product status
Timeline
| 2024-09-02: | Reported to Red Hat. |
| 2024-09-02: | Made public. |
Credits
Red Hat would like to thank Matteo Marini (Sapienza University of Rome) for reporting this issue.
References
lists.debian.org/debian-lts-announce/2024/12/msg00026.html
access.redhat.com/security/cve/CVE-2024-45620
bugzilla.redhat.com/show_bug.cgi?id=2309289 (RHBZ#2309289)