Use of Uninitialized Resource Affecting opensc package, versions <0.23.0-0.3+deb12u2


Severity

Recommended
0.0
low
0
10

Snyk's Security Team recommends NVD's CVSS assessment. Learn more

Threat Intelligence

EPSS
0.04% (16th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-DEBIAN12-OPENSC-7884512
  • published3 Sept 2024
  • disclosed3 Sept 2024

Introduced: 3 Sep 2024

CVE-2024-45616  (opens in a new tab)
CWE-908  (opens in a new tab)

How to fix?

Upgrade Debian:12 opensc to version 0.23.0-0.3+deb12u2 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream opensc package and not the opensc package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs.

The following problems were caused by insufficient control of the response APDU buffer and its length when communicating with the card.

CVSS Base Scores

version 3.1