CVE-2024-45616

LOW Year: 2024
CVSS v3 Score
3.9
Low
Weakness Type
CWE-457
View all →

Vulnerability Description

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. The following problems were caused by insufficient control of the response APDU buffer and its length when communicating with the card.

Related Vulnerabilities

CVE-2024-31636

LOW
CVSS:3.9(Low)

An issue in LIEF v.0.14.1 allows a local attacker to obtain sensitive information via the name parameter of the machd_reader.c component.

CWE-4572024

CVE-2024-45615

LOW
CVSS:3.9(Low)

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. The problem is missing initialization of variables expected to be initialized (as arguments to other functions, ...

CWE-4572024

CVE-2024-45617

LOW
CVSS:3.9(Low)

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafte...

CWE-4572024

CVE-2024-45618

LOW
CVSS:3.9(Low)

A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or...

CWE-4572024

CVE-2022-33716

MEDIUM
CVSS:4.4(Medium)

An absence of variable initialization in ICCC TA prior to SMR Aug-2022 Release 1 allows local attacker to read uninitialized memory.

CWE-4572022

CVE-2021-34951

LOW
CVSS:3.3(Low)

Foxit PDF Reader Annotation Use of Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations o...

CWE-4572021