CVE-2024-8443 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	2.9 LOW	PHYSICAL	HIGH	NONE	CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
redhat	CNA	2.9 LOW	PHYSICAL	HIGH	NONE	CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 43%

Affected Products (NVD)

Vendor	Product	Version
opensc_project	opensc	-
redhat	enterprise_linux	7.0
redhat	enterprise_linux	8.0
redhat	enterprise_linux	9.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

opensc

bookworm	0.23.0-0.3+deb12u2 fixed
bullseye	vulnerable
bullseye (security)	0.21.0-1+deb11u1 fixed
forky	0.26.1-3 fixed
sid	0.26.1-3 fixed
trixie	0.26.1-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

opensc

bionic	not-affected
focal	Fixed 0.20.0-3ubuntu0.1~esm4 released
jammy	Fixed 0.22.0-1ubuntu2+esm1 released
noble	Fixed 0.25.0~rc1-1ubuntu0.1~esm1 released
oracular	Fixed 0.25.1-2ubuntu1.1 released
plucky	not-affected
questing	not-affected
xenial	not-affected

Common Weakness Enumeration

CWE-122 - Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
CWE-787 - Out-of-bounds Write
The software writes data past the end, or before the beginning, of the intended buffer.

References

https://access.redhat.com/security/cve/CVE-2024-8443

https://bugzilla.redhat.com/show_bug.cgi?id=2310494

https://lists.debian.org/debian-lts-announce/2024/12/msg00026.html