From e883d382167ed70e7e6acc59c372c82c7f78a9c8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Veronika=20Hanul=C3=ADkov=C3=A1?= Date: Thu, 5 Sep 2024 09:47:13 +0200 Subject: [PATCH] Add CVE-2024-8443 --- CVE-2024-8443.md | 18 ++++++++++++++++++ OpenSC-security-advisories.md | 3 ++- 2 files changed, 20 insertions(+), 1 deletion(-) create mode 100644 CVE-2024-8443.md diff --git a/CVE-2024-8443.md b/CVE-2024-8443.md new file mode 100644 index 0000000..40c7fc5 --- /dev/null +++ b/CVE-2024-8443.md @@ -0,0 +1,18 @@ +# [CVE-2024-8443](https://nvd.nist.gov/vuln/detail/CVE-2024-8443): Heap buffer overflow in OpenPGP driver when generating key + +This advisory summarizes automatically reported security-relevant issues reported since the release of OpenSC 0.25.1. + +The Heap Buffer Overflow vulnerability was identified within the OpenPGP driver during the card enrollment process using the pkcs15-init tool to generate RSA or ECDSA key when a user or administrator enrolls or modifies cards, but it can also be encountered when using the driver for key generation (for example via openpgp-tool). +The attack requires a crafted USB device or smart card to present the system with specially crafted responses to the APDUs, which are considered high complexity and low severity. This manipulation can potentially compromise card management operations during enrollment and modification of the keys on the card. + +* Heap buffer overflow in `openpgp_generate_key_rsa` + * + * + * fixed in b28a3cef416fcfb92fbb9ea7fd3c71df52c6c9fc +* Heap buffer overflow in `pgp_calculate_and_store_fingerprint` + * + * fixed in 02e847458369c08421fd2d5e9a16a5f272c2de9e + +Originally reported by OSS-fuzz automated service. + +CVSS:3.1[/AV:P/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:P/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N) (3.4) diff --git a/OpenSC-security-advisories.md b/OpenSC-security-advisories.md index 16d596e..6b009f8 100644 --- a/OpenSC-security-advisories.md 
+++ b/OpenSC-security-advisories.md @@ -2,6 +2,7 @@ Software often contains bugs, so does OpenSC. Be aware of the following security issues (in addition to overall [security considerations](Security-Considerations)) and upgrade to latest released version if needed. +* 05.09.2024 Heap buffer overflow issue has been identified in OpenSC driver for OpenPGP [CVE-2024-8443](CVE-2024-8443) * 04.09.2024 Uninitialized memory issues have been identified in OpenSC * [CVE-2024-45615](CVE-2024-45615): Usage of uninitialized values in libopensc and pkcs15init * [CVE-2024-45616](CVE-2024-45616): Uninitialized values after incorrect check or usage of APDU response values in libopensc 
@@ -16,7 +17,7 @@ Software often contains bugs, so does OpenSC. Be aware of the following security * The memory issues can be triggered by malicious smartcards sending malformed responses to APDU commands. Coded as ([CVE-2023-40661](CVE-2023-40661) and [CVE-2023-4535](CVE-2023-4535)). * The potential PIN bypass can happen when card tracks its own login state, demonstrated with Yubikey's PIV applet [CVE-2023-40660](CVE-2023-40660) * 20.10.2021 Multiple issues have been identified in OpenSC, including heap double free, use after free/return, and buffer overflows. They can be triggered by malicious smartcards sending malformed responses to APDU commands. Coded as ([CVE-2021-42778](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4277), [CVE-2021-42779](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42779), [CVE-2021-42780](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42780) and [CVE-2021-42781](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42782)) -* 24.11.2020 Heap buffer overflows have been detected in the smart card drivers for oberthur, TCOS and Gemsafe GPK, which can be triggered by a specially crafted smart card during the initialization of OpenSC ([CVE-2020-26570](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26570), [CVE-2020-26571](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26571) and [CVE-2020-26572](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26572) +* 24.11.2020 Heap buffer overflows have been detected in the smart card drivers for oberthur, TCOS and Gemsafe GPK, which can be triggered by a specially crafted smart card during the initialization of OpenSC ([CVE-2020-26570](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26570), [CVE-2020-26571](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26571) and [CVE-2020-26572](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26572)) * [13.09.2018](https://sourceforge.net/p/opensc/mailman/message/36414448/) 
Multiple issues have been identified in OpenSC, ranging from stack based buffer overflows to out of bounds reads and writes on the heap. They can be triggered by malicious smartcards sending malformed responses to APDU commands. Source: [X41-2018-002](https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/). Coded as [CVE-2018-16391](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16391), [CVE-2018-16392](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16392), [CVE-2018-16393](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16393), [CVE-2018-16418](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16418), [CVE-2018-16419](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16419), [CVE-2018-16420](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16420), [CVE-2018-16421](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16421), [CVE-2018-16422](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16422), [CVE-2018-16423g](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16423), [CVE-2018-16424](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16424), [CVE-2018-16425](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16425), [CVE-2018-16426](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16426) and [CVE-2018-16427](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16427) * 17.12.2010 A rogue smart card, specially crafted for this purpose, can be used to potentially execute arbitrary code if inserted to a local machine. Source: MWR InfoSecurity Advisory. Coded as [CVE-2010-4523](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4523) * 07.05.2009 security advisory coded as [CVE-2009-1603](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1603)
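Review bot: the two issue bullets in the new CVE-2024-8443.md carry empty sub-items: `* Heap buffer overflow in `openpgp_generate_key_rsa`` is followed by two bare `*` lines and `* Heap buffer overflow in `pgp_calculate_and_store_fingerprint`` by one, with only the `* fixed in <commit>` item filled in. Either fill them with the intended references (the OSS-Fuzz report or tracker links the closing sentence alludes to) or drop them, since bare bullets render as empty list entries. Two wording points in the same file: the opening sentence reads "automatically reported security-relevant issues reported since", which repeats "reported", and "which are considered high complexity and low severity" should agree with its subject ("which is considered ..."). The CVSS line also puts the leading slash inside the link text (`CVSS:3.1[/AV:P/...](...)`); keeping the whole vector string together, e.g. `[CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N](...)`, lets readers copy it straight into a calculator.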
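Review bot: the added 05.09.2024 entry in OpenSC-security-advisories.md is missing its articles ("Heap buffer overflow issue has been identified in OpenSC driver for OpenPGP"); suggest "A heap buffer overflow has been identified in the OpenSC OpenPGP driver". It also departs from the layout of the neighbouring 04.09.2024 entry, which puts each CVE link on an indented sub-bullet with a one-line description rather than inline after the date. For consistency, consider `* 05.09.2024 A heap buffer overflow has been identified in the OpenSC OpenPGP driver` followed by `  * [CVE-2024-8443](CVE-2024-8443): Heap buffer overflow in the OpenPGP driver when generating keys`.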
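Review bot: three link errors remain on the context lines directly beside the 24.11.2020 line whose closing parenthesis this hunk restores. In the 20.10.2021 entry, the `[CVE-2021-42778]` link points at `vulnId=CVE-2021-4277` (last digit dropped) and the `[CVE-2021-42781]` link points at `vulnId=CVE-2021-42782`; in the 13.09.2018 entry the link text reads `CVE-2018-16423g` with a stray trailing `g`. Since this change is already a cleanup of that list, fixing those three in the same commit would be cheap. Separately, the older entries use `http://web.nvd.nist.gov/view/vuln/detail?vulnId=...` while the new advisory file links to `https://nvd.nist.gov/vuln/detail/...`; unifying on the https form is a reasonable follow-up.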