Multiple uses of uninitialized variables were found in libopensc that may lead to information disclosure or application crash
The libopensc library has multiple uses of uninitialized variables, which can lead to information disclosure or application crashes. An attacker would need to craft a specially designed USB device or smart card to exploit this vulnerability. The issue can be mitigated by initializing all variables properly and validating user input.
Multiple uses of uninitialized variables were found in libopensc that may lead to information disclosure or application crash. An attack requires a crafted USB device or smart card that would present the system with specially crafted responses to the APDUs
Users of the libopensc library are at medium risk of information disclosure or application crashes due to the uninitialized variable vulnerability, which can be exploited using a crafted USB device or smart card.
Monitor & Review
Low severity — keep this CVE on your radar and patch during routine maintenance.
What should I do?
Published
CVE disclosed publicly
Last Modified
Most recent update
Indexed to CVEInsight
Added to this platform
AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
0
Affected Products
5
References
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
Exploitability
Impact