What is the severity of CVE-2024-45617?

CVE-2024-45617 has not been assigned a specific severity rating, but its exploitation can allow attackers to manipulate system responses via crafted devices.

How do I fix CVE-2024-45617?

To address CVE-2024-45617, users should upgrade their OpenSC tools and Red Hat Enterprise Linux to the latest security patches.

Which versions of Red Hat are affected by CVE-2024-45617?

CVE-2024-45617 affects Red Hat Enterprise Linux versions 7.0, 8.0, and 9.0.

What types of devices can exploit CVE-2024-45617?

CVE-2024-45617 can be exploited using crafted USB devices or Smart Cards presenting malicious APDU responses.

Is OpenSC affected by CVE-2024-45617?

Yes, OpenSC versions prior to 0.26.0 are vulnerable to CVE-2024-45617.

Vulnerability/
CVE-2024-45617

low

3.9

CWE

457 908

2/9/2024

3/9/2024

2/1/2025

CVE-2024-45617: Libopensc: uninitialized values after incorrect or missing checking return values of functions in libopensc

First published: Mon Sep 02 2024(Updated: )

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Red Hat Enterprise Linux	=7.0
Red Hat Enterprise Linux	=8.0
Red Hat Enterprise Linux	=9.0
SUSE OpenSC	<0.26.0
debian/opensc	<=0.21.0-1	0.21.0-1+deb11u1 0.23.0-0.3+deb12u2 0.26.1-1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-45617?
CVE-2024-45617 has not been assigned a specific severity rating, but its exploitation can allow attackers to manipulate system responses via crafted devices.
How do I fix CVE-2024-45617?
To address CVE-2024-45617, users should upgrade their OpenSC tools and Red Hat Enterprise Linux to the latest security patches.
Which versions of Red Hat are affected by CVE-2024-45617?
CVE-2024-45617 affects Red Hat Enterprise Linux versions 7.0, 8.0, and 9.0.
What types of devices can exploit CVE-2024-45617?
CVE-2024-45617 can be exploited using crafted USB devices or Smart Cards presenting malicious APDU responses.
Is OpenSC affected by CVE-2024-45617?
Yes, OpenSC versions prior to 0.26.0 are vulnerable to CVE-2024-45617.

agent/title
agent/type
agent/first-publish-date
agent/severity
agent/author
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2024-45617
agent/weakness
collector/mitre-cve
source/MITRE
agent/last-modified-date
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-cve
agent/references
agent/source
agent/softwarecombine
agent/tags
collector/usn-cve
source/Ubuntu
agent/description
agent/event
collector/security-tracker-debian
source/Debian
vendor/redhat
canonical/red hat enterprise linux
version/red hat enterprise linux/7.0
version/red hat enterprise linux/8.0
version/red hat enterprise linux/9.0
vendor/opensc project
canonical/suse opensc
package-manager/debian

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.