CVE-2024-45619 MEDIUM

CVE-2024-45619: Libopensc: incorrect handling length of buffers or files in libopensc

Vendor Red Hat
Product Red Hat Enterprise Linux 10
Weakness CWE-120
Published September 3, 2024
Last update June 30, 2026

CVSS base score

4.3/10
Attack vector Physical
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.

Key dates

02Disclosure timeline

September 3, 2024 CVE published
June 30, 2026 Record updated