CVE-2024-45615
LowCVSS 3.9Exploitation Probability (EPSS)
Low risk27th percentile — higher than 27% of all known CVEs
Summary
In OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK, there is a missing initialization of variables that are expected to be initialized before being used as arguments to other functions. This can lead to unpredictable behavior or potential security issues.
Risk Assessment
Uninitialized variables can cause unexpected application behavior, potentially allowing an attacker to exploit memory errors or gain access to sensitive data.
Recommendation
It is recommended to immediately update OpenSC to the latest version that includes fixes for variable initialization. Also review the configuration and ensure all components are up to date.
Original NVD description (English source)
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. The problem is missing initialization of variables expected to be initialized (as arguments to other functions, etc.).

