OESA-2024-2245

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2245
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2024-2245.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2024-2245
Upstream
Published
2024-10-12T11:09:21Z
Modified
2025-08-12T05:45:31.100548Z
Summary
opensc security update
Details

OpenSC provides a set of libraries and utilities to work with smart cards. Its main focus is on cards that support cryptographic operations, and facilitate their use in security applications such as authentication, mail encryption and digital signatures. OpenSC implements the standard APIs to smart cards, e.g. PKCS#11 API, Windows’ Smart Card Minidriver and macOS Tokend.

Security Fix(es):

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. The problem is missing initialization of variables expected to be initialized (as arguments to other functions, etc.).(CVE-2024-45615)

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs.

The following problems were caused by insufficient control of the response APDU buffer and its length when communicating with the card.(CVE-2024-45616)

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs.

Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized.(CVE-2024-45617)

A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs.

Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized.(CVE-2024-45618)

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.(CVE-2024-45619)

A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.(CVE-2024-45620)

A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the pkcs15-init tool may lead to out-of-bound rights, possibly resulting in arbitrary code execution.(CVE-2024-8443)

Database specific
{
    "severity": "Low"
}
References

Affected packages

openEuler:22.03-LTS-SP1 / opensc

Package

Name
opensc
Purl
pkg:rpm/openEuler/opensc&distro=openEuler-22.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.21.0-11.oe2203sp1

Ecosystem specific

{
    "aarch64": [
        "opensc-0.21.0-11.oe2203sp1.aarch64.rpm",
        "opensc-debuginfo-0.21.0-11.oe2203sp1.aarch64.rpm",
        "opensc-debugsource-0.21.0-11.oe2203sp1.aarch64.rpm"
    ],
    "src": [
        "opensc-0.21.0-11.oe2203sp1.src.rpm"
    ],
    "x86_64": [
        "opensc-0.21.0-11.oe2203sp1.x86_64.rpm",
        "opensc-debuginfo-0.21.0-11.oe2203sp1.x86_64.rpm",
        "opensc-debugsource-0.21.0-11.oe2203sp1.x86_64.rpm"
    ],
    "noarch": [
        "opensc-help-0.21.0-11.oe2203sp1.noarch.rpm"
    ]
}

openEuler:24.03-LTS / opensc

Package

Name
opensc
Purl
pkg:rpm/openEuler/opensc&distro=openEuler-24.03-LTS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.23.0-7.oe2403

Ecosystem specific

{
    "aarch64": [
        "opensc-0.23.0-7.oe2403.aarch64.rpm",
        "opensc-debuginfo-0.23.0-7.oe2403.aarch64.rpm",
        "opensc-debugsource-0.23.0-7.oe2403.aarch64.rpm",
        "opensc-help-0.23.0-7.oe2403.aarch64.rpm"
    ],
    "src": [
        "opensc-0.23.0-7.oe2403.src.rpm"
    ],
    "x86_64": [
        "opensc-0.23.0-7.oe2403.x86_64.rpm",
        "opensc-debuginfo-0.23.0-7.oe2403.x86_64.rpm",
        "opensc-debugsource-0.23.0-7.oe2403.x86_64.rpm",
        "opensc-help-0.23.0-7.oe2403.x86_64.rpm"
    ]
}

openEuler:22.03-LTS-SP4 / opensc

Package

Name
opensc
Purl
pkg:rpm/openEuler/opensc&distro=openEuler-22.03-LTS-SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.21.0-11.oe2203sp4

Ecosystem specific

{
    "aarch64": [
        "opensc-0.21.0-11.oe2203sp4.aarch64.rpm",
        "opensc-debuginfo-0.21.0-11.oe2203sp4.aarch64.rpm",
        "opensc-debugsource-0.21.0-11.oe2203sp4.aarch64.rpm"
    ],
    "src": [
        "opensc-0.21.0-11.oe2203sp4.src.rpm"
    ],
    "x86_64": [
        "opensc-0.21.0-11.oe2203sp4.x86_64.rpm",
        "opensc-debuginfo-0.21.0-11.oe2203sp4.x86_64.rpm",
        "opensc-debugsource-0.21.0-11.oe2203sp4.x86_64.rpm"
    ],
    "noarch": [
        "opensc-help-0.21.0-11.oe2203sp4.noarch.rpm"
    ]
}

openEuler:22.03-LTS-SP3 / opensc

Package

Name
opensc
Purl
pkg:rpm/openEuler/opensc&distro=openEuler-22.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.21.0-11.oe2203sp3

Ecosystem specific

{
    "aarch64": [
        "opensc-0.21.0-11.oe2203sp3.aarch64.rpm",
        "opensc-debuginfo-0.21.0-11.oe2203sp3.aarch64.rpm",
        "opensc-debugsource-0.21.0-11.oe2203sp3.aarch64.rpm"
    ],
    "src": [
        "opensc-0.21.0-11.oe2203sp3.src.rpm"
    ],
    "x86_64": [
        "opensc-0.21.0-11.oe2203sp3.x86_64.rpm",
        "opensc-debuginfo-0.21.0-11.oe2203sp3.x86_64.rpm",
        "opensc-debugsource-0.21.0-11.oe2203sp3.x86_64.rpm"
    ],
    "noarch": [
        "opensc-help-0.21.0-11.oe2203sp3.noarch.rpm"
    ]
}

openEuler:20.03-LTS-SP4 / opensc

Package

Name
opensc
Purl
pkg:rpm/openEuler/opensc&distro=openEuler-20.03-LTS-SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.20.0-15.oe2003sp4

Ecosystem specific

{
    "aarch64": [
        "opensc-0.20.0-15.oe2003sp4.aarch64.rpm",
        "opensc-debuginfo-0.20.0-15.oe2003sp4.aarch64.rpm",
        "opensc-debugsource-0.20.0-15.oe2003sp4.aarch64.rpm"
    ],
    "src": [
        "opensc-0.20.0-15.oe2003sp4.src.rpm"
    ],
    "x86_64": [
        "opensc-0.20.0-15.oe2003sp4.x86_64.rpm",
        "opensc-debuginfo-0.20.0-15.oe2003sp4.x86_64.rpm",
        "opensc-debugsource-0.20.0-15.oe2003sp4.x86_64.rpm"
    ],
    "noarch": [
        "opensc-help-0.20.0-15.oe2003sp4.noarch.rpm"
    ]
}