CVE-2024-45618

CVE-2024-45618

Name

CVE-2024-45618

Description

A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
vdb-entry	https://access.redhat.com/security/cve/CVE-2024-45618
issue-tracking	https://bugzilla.redhat.com/show_bug.cgi?id=2309287
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2024/12/msg00026.html

Type

URI

vdb-entry

https://access.redhat.com/security/cve/CVE-2024-45618

issue-tracking

https://bugzilla.redhat.com/show_bug.cgi?id=2309287

af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2024/12/msg00026.html

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
opensc	edge-community	0.26.0-r0	Timo Teräs <timo.teras@iki.fi>	fixed
opensc	3.22-community	0.26.0-r0	Timo Teräs <timo.teras@iki.fi>	fixed
opensc	3.21-community	0.26.0-r0	Timo Teräs <timo.teras@iki.fi>	fixed

Source package

Branch

Version

Maintainer

Status

opensc

edge-community

0.26.0-r0

Timo Teräs <timo.teras@iki.fi>

fixed

opensc

3.22-community