Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2024-45618

Use of Uninitialized Resource

Published: Sep 03, 2024 | Modified: Sep 13, 2024
CVSS 3.x
3.9
LOW
Source:
NVD
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
CVSS 2.x
RedHat/V2
RedHat/V3
3.9 LOW
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Ubuntu
MEDIUM
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2024-45618
CWEhttps://cwe.mitre.org/data/definitions/908.html

A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs.

Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized.

Weakness

The product uses or accesses a resource that has not been initialized.

Affected Software

Name Vendor Start Version End Version
Enterprise_linux Redhat 7.0 (including) 7.0 (including)
Enterprise_linux Redhat 8.0 (including) 8.0 (including)
Enterprise_linux Redhat 9.0 (including) 9.0 (including)

Potential Mitigations

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use