CVE-2024-45619

Public on 2024-09-03
Modified on 2024-09-09
Description
It is caused by the libopensc library in opensc porject. This vulnerability affects how the buffer data is handled and partially filled buffers can be accessed incorrectly when a specially crafted response to APDUs in a USB device or a smart card.
Severity
Low severity
Low
CVSS v3 Base Score
3.9
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 2 - Core opensc Pending Fix
Amazon Linux 2023 opensc Pending Fix

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
NVD CVSSv3 4.3 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L