ALT-PU-2025-12697-3

BDU:2024-11086

LOW3.9

Уязвимость утилиты персонализации смарт-карт pkcs15-init и библиотеки libopensc набора программных инструментов и библиотек для работы со смарт-картами OpenSC, позволяющая нарушителю оказать воздействие на конфиденциальность и целостность защищаемой информации

Published: 2024-12-12Modified: 2025-11-06

CVSS 3.xLOW 3.9

CVSS:3.x/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

CVSS 2.0LOW 3.7

CVSS:2.0/AV:L/AC:H/Au:N/C:P/I:P/A:P

References

BDU:2024-11087

MEDIUM4.3

Уязвимость утилиты персонализации смарт-карт pkcs15-init набора программных инструментов и библиотек для работы со смарт-картами OpenSC, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Published: 2024-12-12Modified: 2025-10-29

CVSS 3.xMEDIUM 4.3

CVSS:3.x/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CVSS 2.0MEDIUM 4.6

CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:P/A:P

References

BDU:2024-11088

MEDIUM4.3

Уязвимость утилиты персонализации смарт-карт pkcs15-init и библиотеки libopensc набора программных инструментов и библиотек для работы со смарт-картами OpenSC, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Published: 2024-12-12Modified: 2025-10-29

CVSS 3.xMEDIUM 4.3

CVSS:3.x/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CVSS 2.0MEDIUM 4.6

CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:P/A:P

References

BDU:2024-11091

LOW3.9

Уязвимость утилиты персонализации смарт-карт pkcs15-init набора программных инструментов и библиотек для работы со смарт-картами OpenSC, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Published: 2024-12-13Modified: 2025-10-29

CVSS 3.xLOW 3.9

CVSS:3.x/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

CVSS 2.0LOW 3.7

CVSS:2.0/AV:L/AC:H/Au:N/C:P/I:P/A:P

References

BDU:2024-11092

LOW3.9

Уязвимость утилиты персонализации смарт-карт pkcs15-init и библиотеки libopensc набора программных инструментов и библиотек для работы со смарт-картами OpenSC, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Published: 2024-12-13Modified: 2025-10-29

CVSS 3.xLOW 3.9

CVSS:3.x/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

CVSS 2.0LOW 3.7

CVSS:2.0/AV:L/AC:H/Au:N/C:P/I:P/A:P

References

BDU:2024-11093

LOW3.9

Уязвимость утилиты персонализации смарт-карт pkcs15-init и библиотеки libopensc набора программных инструментов и библиотек для работы со смарт-картами OpenSC, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Published: 2024-12-13Modified: 2025-10-29

CVSS 3.xLOW 3.9

CVSS:3.x/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

CVSS 2.0LOW 3.7

CVSS:2.0/AV:L/AC:H/Au:N/C:P/I:P/A:P

References

CVE-2024-45615

LOW3.9

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. The problem is missing initialization of variables expected to be initialized (as arguments to other functions, etc.).

Published: 2024-09-03Modified: 2025-11-03

CVSS 3.xLOW 3.9

CVSS:3.x/CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

References

CVE-2024-45616

LOW3.9

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. The following problems were caused by insufficient control of the response APDU buffer and its length when communicating with the card.

Published: 2024-09-03Modified: 2025-11-03

CVSS 3.xLOW 3.9

CVSS:3.x/CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

References

CVE-2024-45617

LOW3.9

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized.

Published: 2024-09-03Modified: 2025-11-03

CVSS 3.xLOW 3.9

CVSS:3.x/CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

References

CVE-2024-45618

LOW3.9

A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized.

Published: 2024-09-03Modified: 2025-11-03

CVSS 3.xLOW 3.9

CVSS:3.x/CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

References

CVE-2024-45619

MEDIUM4.3

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.

Published: 2024-09-03Modified: 2025-11-03

CVSS 3.xMEDIUM 4.3

CVSS:3.x/CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

References

CVE-2024-45620

LOW3.9

A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.

Published: 2024-09-03Modified: 2025-11-03

CVSS 3.xLOW 3.9

CVSS:3.x/CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

References

Package update opensc in branch c9f2

Closed issues (12)

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. The problem is missing initialization of variables expected to be initialized (as arguments to other functions, etc.).

A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.