CVE-2024-45617

CVSS v3.1

3.9

Low

Vector

AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions: OpenSC (affected versions not specified)

Description: A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized. This could potentially impact the confidentiality, integrity, and availability of protected information.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use of Uninitialized Resource

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-908CWE-457

Related Identifiers

ALT-PU-2025-12697

ALT-PU-2025-12701

AZL-48732

AZL-48823

BDU:2024-11092

CVE-2024-45617

DLA-4004-1

MGASA-2025-0096

OESA-2024-2245

OPENSUSE-SU-2024:14382-1

OPENSUSE-SU-2024_3444-1

OPENSUSE-SU-2024_3445-1

SUSE-SU-2024:3443-1

SUSE-SU-2024:3444-1

SUSE-SU-2024:3445-1

SUSE-SU-2024:3517-1

SUSE-SU-2025:20072-1

SUSE-SU-2025:20671-1

USN-7346-1

USN-7346-2

USN-7346-3

Affected Products

Alt Linux

Astra Linux

Linuxmint

Opensc

Red Os

Suse

Ubuntu

CVE-2024-45617

Weakness Enumeration

Related Identifiers

Affected Products

References · 89