A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs.
Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized.
The code uses a variable that has not been initialized, leading to unpredictable or unintended results.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Enterprise_linux | Redhat | 7.0 (including) | 7.0 (including) |
| Enterprise_linux | Redhat | 8.0 (including) | 8.0 (including) |
| Enterprise_linux | Redhat | 9.0 (including) | 9.0 (including) |
| Opensc | Ubuntu | esm-apps/bionic | * |
| Opensc | Ubuntu | esm-apps/focal | * |
| Opensc | Ubuntu | esm-apps/jammy | * |
| Opensc | Ubuntu | esm-apps/noble | * |
| Opensc | Ubuntu | esm-apps/xenial | * |
| Opensc | Ubuntu | focal | * |
| Opensc | Ubuntu | jammy | * |
| Opensc | Ubuntu | noble | * |
| Opensc | Ubuntu | oracular | * |
| Opensc | Ubuntu | upstream | * |