Nixpkgs Security Tracker

Login with GitHub

Suggestion detail

Untriaged

Permalink CVE-2024-8443

3.4 LOW

CVSS version: 3.1
Attack vector (AV): PHYSICAL
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): NONE

created 6 months ago

Libopensc: heap buffer overflow in openpgp driver when generating key

A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the `pkcs15-init` tool may lead to out-of-bound rights, possibly resulting in arbitrary code execution.

References

https://access.redhat.com/security/cve/CVE-2024-8443 x_refsource_REDHAT vdb-entry
RHBZ#2310494 issue-tracking x_refsource_REDHAT
RHBZ#2310494 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-8443 x_refsource_REDHAT vdb-entry
https://access.redhat.com/security/cve/CVE-2024-8443 x_refsource_REDHAT vdb-entry
RHBZ#2310494 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-8443 x_refsource_REDHAT vdb-entry
RHBZ#2310494 issue-tracking x_refsource_REDHAT
RHBZ#2310494 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-8443 x_refsource_REDHAT vdb-entry
https://access.redhat.com/security/cve/CVE-2024-8443 x_refsource_REDHAT vdb-entry
RHBZ#2310494 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-8443 x_refsource_REDHAT vdb-entry
RHBZ#2310494 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-8443 x_refsource_REDHAT vdb-entry
RHBZ#2310494 issue-tracking x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2024/12/msg00026.html
https://access.redhat.com/security/cve/CVE-2024-8443 x_refsource_REDHAT vdb-entry
RHBZ#2310494 issue-tracking x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2024/12/msg00026.html

Affected products

opensc

<0.26.0

Matching in nixpkgs

pkgs.opensc

Set of libraries and utilities to access smart cards

nixos-unstable -
- nixpkgs-unstable 0.26.1

pkgs.openscad

3D parametric model compiler

nixos-unstable -
- nixpkgs-unstable 2021.01

pkgs.openscap

NIST Certified SCAP 1.2 toolkit

nixos-unstable -
- nixpkgs-unstable 1.4.2

pkgs.openscad-lsp

LSP (Language Server Protocol) server for OpenSCAD

nixos-unstable -
- nixpkgs-unstable 2.0.1

pkgs.openscenegraph

3D graphics toolkit

nixos-unstable -
- nixpkgs-unstable 3.6.5

pkgs.openscad-unstable

3D parametric model compiler (unstable)

nixos-unstable -
- nixpkgs-unstable 2025-06-04

pkgs.kakounePlugins.openscad-kak

None

nixos-unstable -
- nixpkgs-unstable 2020-12-10

pkgs.vscode-extensions.antyos.openscad

OpenSCAD highlighting, snippets, and more for VSCode

nixos-unstable -
- nixpkgs-unstable 1.3.2

Package maintainers

@michaeladler Michael Adler <therisen06@gmail.com>
@bjornfor Bjørn Forsman <bjorn.forsman@gmail.com>
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
@Curious-r Curious <curious@curious.host>
@c-h-johnson Charles Johnson <charles@charlesjohnson.name>
@pca006132 pca006132 <john.lck40@gmail.com>
@Tochiaha Tochukwu Ahanonu <tochiahan@proton.me>
@aanderse Aaron Andersen <aaron@fosslib.net>