Skip to content

Latest commit

 

History

History
32 lines (26 loc) · 2.61 KB

CVE-2024-45620.md

File metadata and controls

32 lines (26 loc) · 2.61 KB

CVE-2024-45620: Incorrect handling length of buffers or files in pkcs15init

The reported issues are part of the card enrollment process using the pkcs15-init tool. The attack requires a crafted USB device or smart card that would present the system with specially crafted responses to the APDUs, so they are considered high complexity and low severity.

When buffers are partially filled with data, uninitialized parts of the buffer can be incorrectly accessed. The uninitialized variables were reflected in the following functions:

Affected versions: all before 0.26.0

Originally reported by Matteo Marini (Sapienza University of Rome)

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L (3.9)