CVE-2024-45616

CVSS v2.0

5.4

Medium

Vector

AV:N/AC:H/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions: OpenSC (affected versions not specified)

Description: A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. The following problems were caused by insufficient control of the response APDU buffer and its length when communicating with the card. This issue may also be related to the use of uninitialized variables in the pkcs15-init utility and libopensc library, which could allow an attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use of Uninitialized Resource

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-669CWE-908CWE-457

Related Identifiers

ALT-PU-2025-12697

ALT-PU-2025-12701

AZL-48721

AZL-48768

BDU:2024-11093

BDU:2024-11101

CVE-2024-45616

DLA-4004-1

MGASA-2025-0096

OESA-2024-2245

OPENSUSE-SU-2024:14382-1

OPENSUSE-SU-2024_3444-1

OPENSUSE-SU-2024_3445-1

SUSE-SU-2024:3443-1

SUSE-SU-2024:3444-1

SUSE-SU-2024:3445-1

SUSE-SU-2024:3517-1

SUSE-SU-2025:20072-1

SUSE-SU-2025:20671-1

USN-7346-1

USN-7346-2

USN-7346-3

Affected Products

Alt Linux

Astra Linux

Linuxmint

Opensc

Red Os

Suse

Ubuntu

CVE-2024-45616

Weakness Enumeration

Related Identifiers

Affected Products

References · 97