A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs.
The following problems were caused by insufficient control of the response APDU buffer and its length when communicating with the card.
The code uses a variable that has not been initialized, leading to unpredictable or unintended results.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Enterprise_linux | Redhat | 7.0 (including) | 7.0 (including) |
Enterprise_linux | Redhat | 8.0 (including) | 8.0 (including) |
Enterprise_linux | Redhat | 9.0 (including) | 9.0 (including) |
Opensc | Ubuntu | esm-apps/bionic | * |
Opensc | Ubuntu | esm-apps/focal | * |
Opensc | Ubuntu | esm-apps/jammy | * |
Opensc | Ubuntu | esm-apps/noble | * |
Opensc | Ubuntu | esm-apps/xenial | * |
Opensc | Ubuntu | focal | * |
Opensc | Ubuntu | jammy | * |
Opensc | Ubuntu | noble | * |
Opensc | Ubuntu | oracular | * |
Opensc | Ubuntu | upstream | * |