vulnerability

Debian: CVE-2024-1454: opensc -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
3	(AV:L/AC:H/Au:N/C:P/I:P/A:N)	Feb 12, 2024	Dec 30, 2024	Aug 15, 2025

Severity

CVSS

(AV:L/AC:H/Au:N/C:P/I:P/A:N)

Published

Feb 12, 2024

Added

Dec 30, 2024

Modified

Aug 15, 2025

Description

The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or smart card to present the system with specially crafted responses to the APDUs, which are considered high complexity and low severity. This manipulation can allow for compromised card management operations during enrolment.

Solution

debian-upgrade-opensc

References

CVE-2024-1454
https://attackerkb.com/topics/CVE-2024-1454
CWE-416
DEBIAN-DLA-4004-1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today