CVE-2024-45619

4.3 MEDIUM

📋 TL;DR

A buffer handling vulnerability in OpenSC and related components lets an attacker who presents a crafted USB device or smart card cause the software to read uninitialized memory. This can lead to information disclosure or system instability. Systems that use OpenSC for smart card authentication or cryptographic operations are affected.

💻 Affected Systems

Products:
  • OpenSC
  • OpenSC tools
  • PKCS#11 module
  • minidriver
  • CTK
Versions: Releases prior to the fix (specific fixed versions vary by distribution)
Operating Systems: Linux distributions (Red Hat, Debian, etc.), Windows systems using affected components
Default Config Vulnerable: ⚠️ Yes
Notes: Only vulnerable when using affected OpenSC components with USB devices or smart cards. Systems not using these features are not affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Information disclosure of sensitive memory contents, potentially including cryptographic keys or authentication credentials, leading to system compromise.

🟠 Likely Case: Application crashes or denial of service due to memory corruption, with possible limited information leakage.

🟢 If Mitigated: Minimal impact if systems don't use affected OpenSC components or have physical access controls preventing malicious device insertion.

🌐 Internet-Facing: LOW - Requires physical device insertion or smart card interaction, not remotely exploitable.
🏢 Internal Only: MEDIUM - Internal attackers with physical access could exploit via malicious USB devices or smart cards.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires physical access to insert malicious USB device or smart card, or ability to present crafted APDU responses through other means.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Distribution-specific (e.g., Red Hat, Debian have released updates)

Vendor Advisory: https://access.redhat.com/security/cve/CVE-2024-45619

Restart Required: Yes

Instructions:

1. Check your distribution's security advisories.
2. Update OpenSC packages using your package manager (yum update opensc, apt-get upgrade opensc).
3. Restart affected services or reboot the system.

🔧 Temporary Workarounds

Disable vulnerable components (linux): Disable OpenSC smart card services if not required. Note that stopping pcscd also disables legitimate smart card use on the host.

systemctl disable pcscd
systemctl stop pcscd

Physical access controls (all): Implement USB port restrictions and smart card reader access controls.

🧯 If You Can't Patch

  • Implement strict physical security controls to prevent unauthorized USB device insertion
  • Disable smart card authentication and remove OpenSC components if not essential

🔍 How to Verify

Check if Vulnerable:

Check OpenSC version: opensc-tool -v and compare with patched versions from vendor advisories

Check Version:

opensc-tool -v 2>/dev/null || rpm -q opensc || dpkg -l opensc

Verify Fix Applied:

Verify updated package version and test smart card functionality

📡 Detection & Monitoring

Log Indicators:

  • pcscd service crashes
  • OpenSC error messages in system logs
  • unusual USB device insertion logs

Network Indicators:

  • None - local physical attack only

SIEM Query:

source="systemd" AND "pcscd" AND ("segmentation fault" OR "crash")
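An added example, not part of this advisory, that applies the log indicators above to journal-style lines: a POSIX shell function tags each line as a pcscd crash, an OpenSC/pcscd error, or a USB insertion event, and a second function counts a given class. It goes slightly beyond the SIEM query above by also matching systemd's status=11/code=dumped wording; the sample lines are constructed for illustration and the match patterns are assumptions about typical systemd and kernel output.

```shell
#!/bin/sh
# Added example, not part of the advisory: tag journal-style log lines with the
# indicator class they match (CRASH, SC_ERROR, USB_INSERT). Patterns assume the
# usual systemd/kernel wording and should be tuned to your hosts.

# Constructed sample lines resembling `journalctl` output (not real system logs)
SAMPLE_LOG=$(cat <<'EOF'
Sep 10 10:01:02 host systemd[1]: Started PC/SC Smart Card Daemon.
Sep 10 10:02:15 host kernel: usb 1-2: new full-speed USB device number 5 using xhci_hcd
Sep 10 10:02:17 host pcscd[1234]: 00000000 ccid_usb.c:1234:ReadUSB() read failed (1/5): -1 LIBUSB_ERROR_IO
Sep 10 10:02:18 host kernel: pcscd[1234]: segfault at 0 ip 00007f0000001000 sp 00007ffc00002000 error 4 in libopensc.so
Sep 10 10:02:18 host systemd[1]: pcscd.service: Main process exited, code=dumped, status=11/SEGV
Sep 10 10:03:00 host sshd[999]: Accepted publickey for alice from 10.0.0.5
EOF
)

# classify_smartcard_log LOG: print "<CLASS>\t<line>" for every matching line.
# CRASH is checked first so a segfault line is not also counted as SC_ERROR.
classify_smartcard_log() {
    printf '%s\n' "$1" | awk '
        { l = tolower($0) }
        l ~ /pcscd/ && l ~ /(segfault|segmentation fault|sigsegv|status=11|code=dumped)/ { print "CRASH\t" $0; next }
        l ~ /(opensc|pcscd)/ && l ~ /(error|failed)/ { print "SC_ERROR\t" $0; next }
        l ~ /usb .*new .*device/ { print "USB_INSERT\t" $0; next }
    '
}

# count_class LOG CLASS: number of lines tagged with CLASS (e.g. CRASH)
count_class() {
    classify_smartcard_log "$1" | awk -F'\t' -v c="$2" '$1 == c' | wc -l | tr -d ' '
}

# Stand-alone run: show the tagged lines and the crash count for the sample.
classify_smartcard_log "$SAMPLE_LOG"
echo "pcscd crash events: $(count_class "$SAMPLE_LOG" CRASH)"
```

Feed it real output with `classify_smartcard_log "$(journalctl -k -u pcscd --no-pager)"` and alert when the CRASH count is non-zero.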
