CVE-2024-45617

CVE-2024-45617

Name

CVE-2024-45617

Description

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
vdb-entry	https://access.redhat.com/security/cve/CVE-2024-45617
issue-tracking	https://bugzilla.redhat.com/show_bug.cgi?id=2309286
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2024/12/msg00026.html

Type

URI

vdb-entry

https://access.redhat.com/security/cve/CVE-2024-45617

issue-tracking

https://bugzilla.redhat.com/show_bug.cgi?id=2309286

af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2024/12/msg00026.html

CPE URI	Source package	Min version	Max version
	shopxo	>= 0	< 0.26.0

CPE URI

Source package

Min version

Max version

shopxo

>= 0

< 0.26.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
opensc	edge-community	0.26.0-r0	Timo Teräs <timo.teras@iki.fi>	fixed
opensc	3.22-community	0.26.0-r0	Timo Teräs <timo.teras@iki.fi>	fixed
opensc	3.21-community	0.26.0-r0	Timo Teräs <timo.teras@iki.fi>	fixed

Source package

Branch

Version

Maintainer

Status

opensc

edge-community

0.26.0-r0

Timo Teräs <timo.teras@iki.fi>

fixed

opensc

3.22-community