A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. The following problems were caused by insufficient control of the response APDU buffer and its length when communicating with the card.

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7346-1 advisory.

    It was discovered that OpenSC did not correctly handle certain memory operations, which could lead to a     use-after-free vulnerability. An attacker could possibly use this issue to cause a denial of service or     execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
    (CVE-2021-42780)

    It was discovered that OpenSC did not correctly handle certain memory operations, which could lead to a     stack buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute     arbitrary code. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-42782)

    It was discovered that OpenSC did not correctly handle the length of certain buffers, which could lead to     a out-of-bounds access vulnerability. An attacker could possibly use this issue to cause a denial of     service or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu     20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-2977)

    Deepanjan Pal discovered that OpenSC did not correctly authenticate a zero length PIN. A physically     proximate attacker could possibly use this issue to gain unauthorized access to certain systems. This     issue only affected

    Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-40660)

    It was discovered that OpenSC did not correctly handle certain memory operations. A physically proximate     attacker could possibly use this issue to compromise key generation, certificate loading and other card     management operations. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-40661)

    Hubert Kario, Michal Shagam and Eyal Ronen discovered that OpenSC had a timing side-channel and     incorrectly handled RSA padding. An attacker could possibly use this issue to recover sensitive     information. This issue only affected Ubuntu 22.04 LTS. (CVE-2023-5992)

    Matteo Marini discovered that OpenSC did not properly manage memory due to certain uninitialized     variables. A physically proximate attacker could possibly use this issue to gain unauthorized access to     certain systems. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu     24.10. (CVE-2024-45615)

    Matteo Marini discovered that OpenSC did not correctly handle certain memory operations. A physically     proximate attacker could possibly use this issue to gain unauthorized access to certain systems. This     issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 24.10.
    (CVE-2024-45616, CVE-2024-45617)

    Matteo Marini discovered that OpenSC did not correctly handle certain memory operations. A physically     proximate attacker could possibly use this issue to gain unauthorized access to certain systems.
    (CVE-2024-45618, CVE-2024-45620)

    Matteo Marini discovered that OpenSC did not correctly handle certain memory operations. A physically     proximate attacker could possibly use this issue to gain unauthorized access to certain systems. This     issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2024-45619)

    It was discovered that OpenSC did not correctly handle certain memory operations, which could lead to a     buffer overflow. A physically proximate attacker could possibly use this issue to compromise card     management operations during enrollment and modification. This issue only affected Ubuntu 20.04 LTS,     Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2024-8443)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could     use a crafted USB Device or Smart Card, which would present the system with a specially crafted response     to APDUs. The following problems were caused by insufficient control of the response APDU buffer and its     length when communicating with the card. (CVE-2024-45616)

Note that Nessus relies on the presence of the package as reported by the vendor.

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4004 advisory.

    -------------------------------------------------------------------------     Debian LTS Advisory DLA-4004-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                       Guilhem Moulin     December 28, 2024                             https://wiki.debian.org/LTS
    -------------------------------------------------------------------------

    Package        : opensc     Version        : 0.21.0-1+deb11u1     CVE ID         : CVE-2021-34193 CVE-2021-42778 CVE-2021-42779 CVE-2021-42780                      CVE-2021-42781 CVE-2021-42782 CVE-2023-2977 CVE-2023-5992                      CVE-2023-40660 CVE-2023-40661 CVE-2024-1454 CVE-2024-8443                      CVE-2024-45615 CVE-2024-45616 CVE-2024-45617 CVE-2024-45618                      CVE-2024-45619 CVE-2024-45620     Debian Bug     : 1037021 1055521 1055522 1064189 1082853 1082859 1082860                      1082861 1082862 1082863 1082864

    Multiple vulnerabilities were found in opensc, a set of libraries and     utilities to access smart cards, which could lead to application crash,     information leak, or PIN bypass.

    CVE-2021-34193

        Multiple stack overflow vulnerabilities were discovered in OpenSC         smart card middleware via crafted responses to APDUs.

    CVE-2021-42778

        A heap double free issue was found in sc_pkcs15_free_tokeninfo().

    CVE-2021-42779

        A heap use after free issue was found in sc_file_valid().

    CVE-2021-42780

        A use after return issue was found in the insert_pin() function,         which could potentially crash programs using the library.

    CVE-2021-42781

        Multiple heap buffer overflow issues were found in         pkcs15-oberthur.c, which could potentially crash programs using the         library.

    CVE-2021-42782

        Multiple buffer overflow issues were found in various places, which         could potentially crash programs using the library.

    CVE-2023-2977

        A buffer overrun vulnerability was found in pkcs15's         cardos_have_verifyrc_package().  When supplying a smart card package         with malformed ASN.1 context, an attacker can trigger a crash or         information leak via heap-based buffer out-of-bound read.

    CVE-2023-5992

         Alicja Karion discovered that the code handling the PKCS#1.5          encryption padding removal was not implemented in side-channel          resistant way, which can lead to decryption of previously captured          RSA ciphertexts and forging of signatures based on the timing data          (Marvin attack).

    CVE-2023-40660

        Deepanjan Pal discovered a potential PIN bypass with empty PIN.
        When the token/card was plugged into the computer and authenticated         from one process, it could be used to provide cryptographic         operations from different process when the empty, zero-length PIN         was provided.

    CVE-2023-40661

        Multiple memory vulnerabilities were found by dynamic analyzers in         pkcs15-init.

    CVE-2024-1454

        A memory use after free issue was found in AuthentIC driver when         updating token info.

    CVE-2024-8443

        An heap buffer overflow issue was found in OpenPGP driver during key         generation.

    CVE-2024-45615

        Matteo Marini discovered multiple uses of uninitialized values in         libopensc and pkcs15init.

    CVE-2024-45616

        Matteo Marini discovered multiple uses of uninitialized values after         incorrect check or usage of APDU response values in libopensc.

    CVE-2024-45617

        Matteo Marini discovered multiple uses of uninitialized values after         incorrect or missing checking return values of functions in         libopensc.

    CVE-2024-45618

        Matteo Marini discovered multiple uses of uninitialized values after         incorrect or missing checking return values of functions in         pkcs15init.

    CVE-2024-45619

        Matteo Marini discovered multiple incorrect handling of length of         buffers or files in libopensc, which could result in application         crash or information leak.  When buffers are partially filled with         data, uninitialized parts of the buffer may be incorrectly accessed.

    CVE-2024-45620

        Matteo Marini discovered multiple incorrect handling of length of         buffers or files in pkcs15init, which could result in application         crash or information leak.  When buffers are partially filled with         data, uninitialized parts of the buffer may be incorrectly accessed.

    For Debian 11 bullseye, these problems have been fixed in version     0.21.0-1+deb11u1.

    We recommend that you upgrade your opensc packages.

    For the detailed security status of opensc please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/opensc

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS     Attachment:
    signature.asc     Description: PGP signature

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of opensc installed on the remote host is prior to 0.19.0-6. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2709 advisory.

    It is caused by the libopensc library in opensc porject. This vulnerability affects how the buffer data is     handled and partially filled buffers can be accessed incorrectly when a specially crafted response to     APDUs in a USB device or a smart card. (CVE-2024-45615)

    It is caused by the libopensc library in opensc porject. This vulnerability affects how the buffer data is     handled and partially filled buffers can be accessed incorrectly when a specially crafted response to     APDUs in a USB device or a smart card. (CVE-2024-45616)

    It is caused by the libopensc library in opensc porject. This vulnerability affects how the buffer data is     handled and partially filled buffers can be accessed incorrectly when a specially crafted response to     APDUs in a USB device or a smart card. (CVE-2024-45617)

    It is caused by the libopensc library in opensc porject. This vulnerability affects how the buffer data is     handled and partially filled buffers can be accessed incorrectly when a specially crafted response to     APDUs in a USB device or a smart card. (CVE-2024-45618)

    It is caused by the libopensc library in opensc porject. This vulnerability affects how the buffer data is     handled and partially filled buffers can be accessed incorrectly when a specially crafted response to     APDUs in a USB device or a smart card. (CVE-2024-45619)

    It is caused by the libopensc library in opensc porject. This vulnerability affects how the buffer data is     handled and partially filled buffers can be accessed incorrectly when a specially crafted response to     APDUs in a USB device or a smart card. (CVE-2024-45620)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-775 advisory.

    It is caused by the libopensc library in opensc porject. This vulnerability affects how the buffer data is     handled and partially filled buffers can be accessed incorrectly when a specially crafted response to     APDUs in a USB device or a smart card. (CVE-2024-45615)

    It is caused by the libopensc library in opensc porject. This vulnerability affects how the buffer data is     handled and partially filled buffers can be accessed incorrectly when a specially crafted response to     APDUs in a USB device or a smart card. (CVE-2024-45616)

    It is caused by the libopensc library in opensc porject. This vulnerability affects how the buffer data is     handled and partially filled buffers can be accessed incorrectly when a specially crafted response to     APDUs in a USB device or a smart card. (CVE-2024-45617)

    It is caused by the libopensc library in opensc porject. This vulnerability affects how the buffer data is     handled and partially filled buffers can be accessed incorrectly when a specially crafted response to     APDUs in a USB device or a smart card. (CVE-2024-45618)

    It is caused by the libopensc library in opensc porject. This vulnerability affects how the buffer data is     handled and partially filled buffers can be accessed incorrectly when a specially crafted response to     APDUs in a USB device or a smart card. (CVE-2024-45619)

    It is caused by the libopensc library in opensc porject. This vulnerability affects how the buffer data is     handled and partially filled buffers can be accessed incorrectly when a specially crafted response to     APDUs in a USB device or a smart card. (CVE-2024-45620)

    libopensc: Heap buffer overflow in OpenPGP driver when generating key (CVE-2024-8443)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3444-1 advisory.

    - CVE-2024-45620: Incorrect handling of the length of buffers or files in pkcs15init. (bsc#1230076)
    - CVE-2024-45619: Incorrect handling length of buffers or files in libopensc. (bsc#1230075)
    - CVE-2024-45618: Uninitialized values after incorrect or missing checking return values of functions in     pkcs15init. (bsc#1230074)
    - CVE-2024-45617: Uninitialized values after incorrect or missing checking return values of functions in     libopensc. (bsc#1230073)
    - CVE-2024-45616: Uninitialized values after incorrect check or usage of APDU response values in     libopensc. (bsc#1230072)
    - CVE-2024-45615: Usage of uninitialized values in libopensc and pkcs15init. (bsc#1230071)
    - CVE-2024-8443: Heap buffer overflow in OpenPGP driver when generating key. (bsc#1230364)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 / SLES_SAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3443-1 advisory.

    - CVE-2024-45620: Incorrect handling of the length of buffers or files in pkcs15init. (bsc#1230076)
    - CVE-2024-45619: Incorrect handling length of buffers or files in libopensc. (bsc#1230075)
    - CVE-2024-45618: Uninitialized values after incorrect or missing checking return values of functions in     pkcs15init. (bsc#1230074)
    - CVE-2024-45617: Uninitialized values after incorrect or missing checking return values of functions in     libopensc. (bsc#1230073)
    - CVE-2024-45616: Uninitialized values after incorrect check or usage of APDU response values in     libopensc. (bsc#1230072)
    - CVE-2024-45615: Usage of uninitialized values in libopensc and pkcs15init. (bsc#1230071)
    - CVE-2024-8443: Heap buffer overflow in OpenPGP driver when generating key. (bsc#1230364)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3445-1 advisory.

    - CVE-2024-45620: Incorrect handling of the length of buffers or files in pkcs15init. (bsc#1230076)
    - CVE-2024-45619: Incorrect handling length of buffers or files in libopensc. (bsc#1230075)
    - CVE-2024-45618: Uninitialized values after incorrect or missing checking return values of functions in     pkcs15init. (bsc#1230074)
    - CVE-2024-45617: Uninitialized values after incorrect or missing checking return values of functions in     libopensc. (bsc#1230073)
    - CVE-2024-45616: Uninitialized values after incorrect check or usage of APDU response values in     libopensc. (bsc#1230072)
    - CVE-2024-45615: Usage of uninitialized values in libopensc and pkcs15init. (bsc#1230071)
    - CVE-2024-8443: Heap buffer overflow in OpenPGP driver when generating key. (bsc#1230364)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
232648	Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : OpenSC vulnerabilities (USN-7346-1)	Nessus	Ubuntu Local Security Checks	high
228441	Linux Distros Unpatched Vulnerability : CVE-2024-45616	Nessus	Misc.	low
213413	Debian dla-4004 : opensc - security update	Nessus	Debian Local Security Checks	high
213344	Amazon Linux 2 : opensc (ALAS-2024-2709)	Nessus	Amazon Linux Local Security Checks	medium
212360	Amazon Linux 2023 : opensc (ALAS2023-2024-775)	Nessus	Amazon Linux Local Security Checks	medium
207782	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : opensc (SUSE-SU-2024:3444-1)	Nessus	SuSE Local Security Checks	medium
207781	SUSE SLES12 Security Update : opensc (SUSE-SU-2024:3443-1)	Nessus	SuSE Local Security Checks	medium
207780	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : opensc (SUSE-SU-2024:3445-1)	Nessus	SuSE Local Security Checks	medium

Detections

Analytics

CVE-2024-45616

low

Tenable Plugins

high

low

high

medium

medium

medium

medium

medium