PT-2024-9391 · Opensc+5

Published: 2024-05-12 · Updated: 2025-09-05 · CVE-2024-8443

CVSS v3.1: 2.9 (Low)

Vector: AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: OpenSC (affected versions not specified)
Description: A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. The issue arises when a crafted USB device or smart card provides malicious responses to the APDUs during the card enrollment process using the pkcs15-init tool, potentially leading to out-of-bounds writes and arbitrary code execution. The vulnerability is related to the `openpgp_generate_key_rsa()` function and may allow an attacker to bypass security restrictions.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

AZL-49059
AZL-49081
BDU:2024-11083
CVE-2024-8443
DLA-4004-1
MGASA-2025-0096
OESA-2024-2245
OPENSUSE-SU-2024:14382-1
OPENSUSE-SU-2024_3444-1
OPENSUSE-SU-2024_3445-1
SUSE-SU-2024:3443-1
SUSE-SU-2024:3444-1
SUSE-SU-2024:3445-1
SUSE-SU-2024:3517-1
SUSE-SU-2025:20072-1
SUSE-SU-2025:20671-1
USN-7346-1
USN-7346-2
USN-7346-3

Affected Products

Astra Linux
Linux Mint
OpenSC
RED OS
SUSE
Ubuntu