CVE-2024-45620 LOW

CVE-2024-45620: Libopensc: incorrect handling of the length of buffers or files in pkcs15init

Vendor Red Hat
Product Red Hat Enterprise Linux 10
Weakness CWE-120
Published September 3, 2024
Last update June 30, 2026

CVSS base score

3.9/10
Attack vector Physical
Attack complexity High
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.

Key dates

02Disclosure timeline

September 3, 2024 CVE published
June 30, 2026 Record updated