CVE-2024-8443

CVE-2024-8443

Name

CVE-2024-8443

Description

A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the `pkcs15-init` tool may lead to out-of-bound rights, possibly resulting in arbitrary code execution.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
vdb-entry	https://access.redhat.com/security/cve/CVE-2024-8443
issue-tracking	https://bugzilla.redhat.com/show_bug.cgi?id=2310494
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2024/12/msg00026.html

Type

URI

vdb-entry

https://access.redhat.com/security/cve/CVE-2024-8443

issue-tracking

https://bugzilla.redhat.com/show_bug.cgi?id=2310494

af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2024/12/msg00026.html

CPE URI	Source package	Min version	Max version
	shopxo	>= 0	< 0.26.0

CPE URI

Source package

Min version

Max version

shopxo

>= 0

< 0.26.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
opensc	edge-community	0.26.0-r0	Timo Teräs <timo.teras@iki.fi>	fixed
opensc	3.22-community	0.26.0-r0	Timo Teräs <timo.teras@iki.fi>	fixed
opensc	3.21-community	0.26.0-r0	Timo Teräs <timo.teras@iki.fi>	fixed

Source package

Branch

Version

Maintainer

Status

opensc

edge-community

0.26.0-r0

Timo Teräs <timo.teras@iki.fi>

fixed

opensc

3.22-community