CVE-2024-1454

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-1454

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-1454.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-1454

Related

Published

2024-02-12T23:15:08Z

Modified

2024-12-28T15:45:53.125653Z

Severity

3.4 (Low) CVSS_V3 - CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or smart card to present the system with specially crafted responses to the APDUs, which are considered high complexity and low severity. This manipulation can allow for compromised card management operations during enrolment.

References

Affected packages

Debian:11 / opensc

Package

Name: opensc
Purl: pkg:deb/debian/opensc?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.21.0-1+deb11u1

Affected versions

0.*

0.21.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / opensc

Package

Name: opensc
Purl: pkg:deb/debian/opensc?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.23.0-0.3

0.23.0-0.3+deb12u1

0.23.0-1

0.23.0-2

0.24.0~rc1-1

0.25.0~rc1-1

0.25.1-1

0.25.1-2

0.25.1-2.1

0.26.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / opensc

Package

Name: opensc
Purl: pkg:deb/debian/opensc?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.25.0~rc1-1

Affected versions

0.*

0.23.0-0.3

0.23.0-1

0.23.0-2

0.24.0~rc1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/opensc/opensc

Affected ranges

Type: GIT
Repo: https://github.com/opensc/opensc
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

5835f0d4f6c033bd58806d33fa546908d39825c9

Affected versions

0.*

0.12.2

0.12.2-rc1

0.13.0

0.13.0pre1

0.13.0rc1

0.14.0

0.14.0rc2

0.14.0rtm

0.15.0

0.16.0

0.16.0-rc1

0.16.0-rc2

0.17.0

0.17.0-rc1

0.17.0-rc2

0.18.0

0.18.0-rc1

0.18.0-rc2

0.19.0

0.19.0-rc1

0.20.0

0.20.0-rc1

0.20.0-rc2

0.20.0-rc3

0.20.0-rc4

0.21.0

0.21.0-rc1

0.21.0-rc2

0.22.0

0.22.0-rc1

0.22.0-rc2

0.23.0

0.23.0-rc1

0.23.0-rc2

0.24.0

0.24.0-rc1

0.24.0-rc2

v0.*

v0.12.2

v0.16.0-pre1