CVE-2024-8443
CVSS 3.1 Score 3.4 of 10 (low)
Details
Summary
CVE-2024-8443 is a heap-based buffer overflow in the libopensc OpenPGP driver, which can affect products that use this library. It is triggered when a malicious USB device or smart card responds with crafted APDUs during card enrollment with the pkcs15-init tool, leading to out-of-bounds writes and possibly allowing arbitrary code execution. Remediation measures are not specified in the provided information; however, organizations are advised to review their use of affected products and implement security best practices to mitigate risks. The impact on integrity and confidentiality is low, and exploitation requires physical access, making it less likely to be exploited remotely. Red Hat has rated the vulnerability at a low severity score of 3.4, indicating that while it poses risks, they may be manageable under certain conditions.