CVE-2024-8443
Published: September 7, 2024Last modified: June 16, 2025
Description
A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the `pkcs15-init` tool may lead to out-of-bound rights, possibly resulting in arbitrary code execution.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 2.9 |
| Attack Vector | PHYSICAL |
| Attack complexity | HIGH |
| Privileges required | NONE |
| User interaction | REQUIRED |
| Scope | UNCHANGED |
| Confidentiality | LOW |
| Integrity impact | LOW |
| Availability impact | NONE |
| Vector | CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | opensc | Fixed (0.26.0-r0) |
| Stream | opensc | Fixed (0.26.0-r0) |