{"affected":[{"ecosystem_specific":{"binaries":[{"opensc":"0.19.0-150100.3.31.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Micro 5.1","name":"opensc","purl":"pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Micro%205.1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.19.0-150100.3.31.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"opensc":"0.19.0-150100.3.31.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Micro 5.2","name":"opensc","purl":"pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Micro%205.2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.19.0-150100.3.31.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for opensc fixes the following issues:\n\n- CVE-2024-45620: Incorrect handling of the length of buffers or files in pkcs15init. (bsc#1230076)\n- CVE-2024-45619: Incorrect handling length of buffers or files in libopensc. (bsc#1230075)\n- CVE-2024-45618: Uninitialized values after incorrect or missing checking return values of functions in pkcs15init. (bsc#1230074)\n- CVE-2024-45617: Uninitialized values after incorrect or missing checking return values of functions in libopensc. (bsc#1230073)\n- CVE-2024-45616: Uninitialized values after incorrect check or usage of APDU response values in libopensc. (bsc#1230072)\n- CVE-2024-45615: Usage of uninitialized values in libopensc and pkcs15init. (bsc#1230071)\n- CVE-2024-8443: Heap buffer overflow in OpenPGP driver when generating key. (bsc#1230364)\n","id":"SUSE-SU-2024:3517-1","modified":"2024-10-03T12:03:40Z","published":"2024-10-03T12:03:40Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2024/suse-su-20243517-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1217722"},{"type":"REPORT","url":"https://bugzilla.suse.com/1230071"},{"type":"REPORT","url":"https://bugzilla.suse.com/1230072"},{"type":"REPORT","url":"https://bugzilla.suse.com/1230073"},{"type":"REPORT","url":"https://bugzilla.suse.com/1230074"},{"type":"REPORT","url":"https://bugzilla.suse.com/1230075"},{"type":"REPORT","url":"https://bugzilla.suse.com/1230076"},{"type":"REPORT","url":"https://bugzilla.suse.com/1230364"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-45615"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-45616"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-45617"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-45618"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-45619"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-45620"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-8443"}],"related":["CVE-2024-45615","CVE-2024-45616","CVE-2024-45617","CVE-2024-45618","CVE-2024-45619","CVE-2024-45620","CVE-2024-8443"],"summary":"Security update for opensc","upstream":["CVE-2024-45615","CVE-2024-45616","CVE-2024-45617","CVE-2024-45618","CVE-2024-45619","CVE-2024-45620","CVE-2024-8443"]}