Nixpkgs security tracker

Untriaged

Permalink CVE-2024-45618

3.9 LOW

CVSS version: 3.1
Attack vector (AV): PHYSICAL
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): LOW

created 1 year, 3 months ago

Libopensc: uninitialized values after incorrect or missing checking return values of functions in pkcs15init

A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized.

References

https://access.redhat.com/security/cve/CVE-2024-45618 vdb-entryx_refsource_REDHAT
RHBZ#2309287 issue-trackingx_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2024/12/msg00026.html

Affected products

opensc

libopensc

Matching in nixpkgs

pkgs.opensc

Set of libraries and utilities to access smart cards

nixos-unstable 0.26.0
- nixpkgs-unstable 0.26.0
- nixos-unstable-small 0.26.0

pkgs.openscad

3D parametric model compiler

nixos-unstable 2021.01
- nixpkgs-unstable 2021.01
- nixos-unstable-small 2021.01

pkgs.openscap

NIST Certified SCAP 1.2 toolkit

nixos-unstable 1.3.10
- nixpkgs-unstable 1.3.10

pkgs.openscad-lsp

LSP (Language Server Protocol) server for OpenSCAD

nixos-unstable 1.2.5
- nixpkgs-unstable 1.2.5
- nixos-unstable-small 1.2.5

pkgs.openscenegraph

3D graphics toolkit

nixos-unstable 3.6.5
- nixpkgs-unstable 3.6.5
- nixos-unstable-small 3.6.5

pkgs.openscad-unstable

3D parametric model compiler (unstable)

nixos-unstable 2024-12-06
- nixpkgs-unstable 2024-12-06
- nixos-unstable-small 2024-12-06

pkgs.vimPlugins.vim-openscad

None

nixos-unstable 2022-07-26
- nixpkgs-unstable 2022-07-26
- nixos-unstable-small 2022-07-26

pkgs.vimPlugins.openscad-nvim

None

nixos-unstable 2024-04-13
- nixpkgs-unstable 2024-04-13
- nixos-unstable-small 2024-04-13

pkgs.kakounePlugins.openscad-kak

None

nixos-unstable 2020-12-10
- nixpkgs-unstable 2020-12-10
- nixos-unstable-small 2020-12-10

pkgs.vscode-extensions.antyos.openscad

OpenSCAD highlighting, snippets, and more for VSCode

nixos-unstable 1.3.1
- nixpkgs-unstable 1.3.1
- nixos-unstable-small 1.3.1

Package maintainers

@c-h-johnson Charles Johnson <charles@charlesjohnson.name>
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
@pca006132 pca006132 <john.lck40@gmail.com>
@Tochiaha Tochukwu Ahanonu <tochiahan@proton.me>
@aanderse Aaron Andersen <aaron@fosslib.net>
@michaeladler Michael Adler <therisen06@gmail.com>
@gebner Gabriel Ebner <gebner@gebner.org>
@bjornfor Bjørn Forsman <bjorn.forsman@gmail.com>

Accepted

Permalink CVE-2024-8443

2.9 LOW

CVSS version: 3.1
Attack vector (AV): PHYSICAL
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): NONE

updated 1 year, 4 months ago by @LeSuisse Activity log

Created automatic suggestion 1 year, 4 months ago
@LeSuisse accepted 1 year, 4 months ago

Libopensc: heap buffer overflow in openpgp driver when generating key

A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the `pkcs15-init` tool may lead to out-of-bound rights, possibly resulting in arbitrary code execution.

References

https://access.redhat.com/security/cve/CVE-2024-8443 vdb-entryx_refsource_REDHAT
RHBZ#2310494 issue-trackingx_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2024/12/msg00026.html

Affected products

opensc

<0.26.0

Matching in nixpkgs

pkgs.opensc

Set of libraries and utilities to access smart cards

nixos-unstable 0.26.0
- nixpkgs-unstable 0.26.0
- nixos-unstable-small 0.26.0

Package maintainers

@michaeladler Michael Adler <therisen06@gmail.com>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.opensc

pkgs.openscad

pkgs.openscap

pkgs.openscad-lsp

pkgs.openscenegraph

pkgs.openscad-unstable

pkgs.vimPlugins.vim-openscad

pkgs.vimPlugins.openscad-nvim

pkgs.kakounePlugins.openscad-kak

pkgs.vscode-extensions.antyos.openscad

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.opensc

Package maintainers