CVE-2024-45617
LowCVSS 3.9Exploitation Probability (EPSS)
Low risk22th percentile — higher than 22% of all known CVEs
Summary
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK due to insufficient checking of function return values. An attacker could use a crafted USB device or smart card to present specially crafted APDU responses, leading to work with uninitialized variables.
Risk Assessment
The risk for the organization includes potential data integrity breaches or unexpected system behavior, which could allow an attacker to escalate privileges or perform unauthorized operations.
Recommendation
It is recommended to immediately update OpenSC to the latest patched version and verify that all components (tools, PKCS#11 module, minidriver, CTK) are updated.
Original NVD description (English source)
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized.

