Use of Uninitialized Variable

CVE-2024-45617

Low

3.9/10

Summary

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized.

Attack Complexity: HIGH
Attack Vector: PHYSICAL
Integrity Impact: LOW
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: LOW

CWE-457 - Use of Uninitialized Variable

The code uses a variable that has not been initialized, leading to unpredictable or unintended results.

References

Advisory Timeline

Published Sep 03, 2024

Use of Uninitialized Variable

CVE-2024-45617

Summary

CWE-457 - Use of Uninitialized Variable

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS