CVE 2024 1454

CVE-2024-1454: Memory use after free in AuthentIC driver when updating token info

This advisory summarizes automatically reported security relevant issue that was reported since the release of OpenSC 0.24.0 and that are relevant to the handling the card enrollment process using pkcs15-init.

The Use After Free vulnerability was identified within the AuthentIC driver during the card enrollment process using pkcs15-init when a user or administrator enrolls or modifies cards. An attacker must have physical access to the computer system to take advantage of this flaw. The attack requires a crafted USB device or smart card to present the system with specially crafted responses to the APDUs, which are considered high complexity and low severity. This manipulation can potentially allow for compromising card management operations during enrollment.

Issue 64898: opensc:fuzz_pkcs15init: Heap-use-after-free in authentic_emu_update_tokeninfo
- fixed with 5835f0d4f6c033bd58806d33fa546908d39825c9

Originally reported by OSS-fuzz automated service

CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N (3.4)

Warning: Due to attempts to plant malicious links to our wiki, it is no longer open to anyone to edit. If you want to contribute to this, wiki, please open a pull request here: https://github.com/OpenSC/Wiki

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE 2024 1454

CVE-2024-1454: Memory use after free in AuthentIC driver when updating token info

Quick Start

User Documentation

Developer Documentation

Clone this wiki locally