Add CVEs for uninitialized memory

OpenSC · Sep 4, 2024 · daac1e6 · daac1e6
1 parent 5aa3cb5
commit daac1e6
Show file tree

Hide file tree

Showing 7 changed files with 192 additions and 0 deletions.
diff --git a/CVE-2024-45615.md b/CVE-2024-45615.md
@@ -0,0 +1,29 @@
+# [CVE-2024-45615](https://nvd.nist.gov/vuln/detail/CVE-2024-45615): Usage of uninitialized values in libopensc and pkcs15init
+
+The reported issues are part of the libopensc library, which makes them accessible from OpenSC tools, PKCS#11 module, minidriver, or CTK. One is only relevant to handling the card enrollment using the pkcs15-init tool.
+The attack requires a crafted USB device or smart card that would present the system with specially crafted responses to the APDUs, so they are considered high complexity and low severity.
+
+The problem is missing initialization of variables expected to be initialized (as arguments to other functions, etc.).
+The uninitialized variables were reflected in the following functions:
+
+- [cac_read_file](https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/libopensc/card-cac.c#L423)
+  - calling function for reading files with uninitialized values for buffer and length (https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/libopensc/card-cac.c#L389)
+  - found via fuzz_card, fuzz_pkcs11, fuzz_pkcs15_crypt
+- [piv_get_challenge](https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/libopensc/card-piv.c#L4460)
+  - uninitialized value later used in piv_get_challenge, since variables are not initialized by sc_asn1_read_tag (https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/libopensc/card-piv.c#L4459)
+  - found via fuzz_pkcs11
+- [sc_asn1_decode_object_id](https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/libopensc/asn1.c#L838)
+  - uninitialized values come from sc_pkcs15_get_name_from_dn function (https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/libopensc/pkcs15-cert.c#L172)
+  - found via fuzz_pkcs11
+- [sc_pkcs15emu_sc_hsm_decode_cvc](https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/libopensc/pkcs15-sc-hsm.c#L421)
+  - uninitialized values not filled by sc_asn1_read_tag function (https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/libopensc/pkcs15-sc-hsm.c#L389)
+  - found via fuzz_pkcs15_crypt
+- do_init_app, [sc_pkcs15init_create_pin](https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/pkcs15init/pkcs15-lib.c#L1140)
+  - uninitialized value comes from do_pin_flags (https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/pkcs15init/profile.c#L1812)
+  - found via fuzz_pkcs15init
+
+Affected versions: all before 0.26.0
+
+Originally reported by Matteo Marini (Sapienza University of Rome)
+
+CVSS:3.1[/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L) (3.9)
diff --git a/CVE-2024-45616.md b/CVE-2024-45616.md
@@ -0,0 +1,51 @@
+# [CVE-2024-45616](https://nvd.nist.gov/vuln/detail/CVE-2024-45616):  Uninitialized values after incorrect check or usage of APDU response values in libopensc
+
+The reported issues are part of the libopensc library, which makes them accessible from OpenSC tools, PKCS#11 module, minidriver, or CTK.
+The attack requires a crafted USB device or smart card that would present the system with specially crafted responses to the APDUs, so they are considered high complexity and low severity.
+
+The following problems were caused by insufficient control of the response APDU buffer and its length when communicating with the card.
+The uninitialized variables were reflected in these functions:
+
+- [cardos_match_card](https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/libopensc/card-cardos.c#L136)
+  - uninitialized APDU response buffer, unchecked response length (https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/libopensc/card-cardos.c#L136)
+  - uninitialized value used later by cardos_match_card
+  - found via fuzz_card, fuzz_pkcs11, fuzz_pkcs15_crypt, fuzz_pkcs15_decode
+- _itoa_word, called from [sc_hex_dump](https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/libopensc/log.c#L367)
+  - the problem arose from cac_cac1_get_certificate function with wrong calculation of certificate length based on the APDU rseponse length (https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/libopensc/card-cac1.c#L95-L100)
+  - found via fuzz_card, fuzz_pkcs15_crypt, fuzz_pkcs15_decode
+- sc_bin_to_hex
+  - the problem arose from auth_select_aid function unchecked SW1 and SW2 after querying for serial number (https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/libopensc/card-oberthur.c#L163)
+  - found via fuzz_pkcs11, fuzz_pkcs15_encode
+- strcmp, called from sc_asn1_read_tag
+  - the problem arose from gids_get_DO function with uncorrect setting of buffer length, when buffer filled with APDU response (https://github.com/OpenSC/OpenSC/blob/master/src/libopensc/card-gids.c#L249-L253)
+  - found via fuzz_pkcs15_decode,
+- [asn1_decode](https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/libopensc/asn1.c#L1740)
+  - do_select not checking APDU response length before accesssing APDu response buffer (https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/libopensc/card-mcrd.c#L590)
+  - found via fuzz_pkcs11, fuzz_pkcs15_decode
+- [process_fcp](https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/libopensc/card-mcrd.c#L508)
+  - do_select not checking APDU response length before accesssing APDu response buffer (https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/libopensc/card-mcrd.c#L590)
+  - fuzz_pkcs15_crypt
+- [dnie_process_fci](https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/libopensc/card-dnie.c#L2024)
+  - dnie_compose_and_send_apdu lacks checking for APDU reponse length before accessing response (https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/libopensc/card-dnie.c#L1180)
+  - found via fuzz_pkcs11, fuzz_pkcs15_crypt, fuzz_pkcs15_decode
+- [iso7816_process_fci](https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/libopensc/iso7816.c#L463)
+  - dnie_compose_and_send_apdu lacks checking for APDU reponse length before accessing response (https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/libopensc/card-dnie.c#L1180)
+  - found via fuzz_pkcs15_encode
+- [sc_pkcs15init_parse_info](https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/pkcs15init/pkcs15-lib.c#L4564), [msc_extract_rsa_public_key](https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/libopensc/muscle.c#L620)
+  - incorrect return of APDU reponse data length in msc_partial_read_object (https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/libopensc/muscle.c#L96)
+  - uninitialized part of buffer after actual length accessed by sc_pkcs15init_parse_info
+  - found via fuzz_pkcs11, fuzz_pkcs15init
+- [sc_bin_to_hex](https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/libopensc/sc.c#L155)
+  - unchecked APDU response length when querying for serial number in auth_select_aid (https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/libopensc/card-oberthur.c#L163)
+  - found via fuzz_pkcs15_crypt, fuzz_pkcs15init, fuzz_pkcs15_decode
+- [gids_read_masterfile](https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/libopensc/card-gids.c#L368)
+  - the problem arose from gids_get_DO function with uncorrect setting of buffer length, when buffer filled with APDU response (https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/libopensc/card-gids.c#L249-L253)
+- [sc_bin_to_hex](https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/libopensc/sc.c#L155)
+  - unchecked value of APDU response length in function entersafe_get_serialnr (https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/libopensc/card-entersafe.c#L1424)
+  - found via fuzz_pkcs15_reader
+
+Affected versions: all before 0.26.0
+
+Originally reported by Matteo Marini (Sapienza University of Rome)
+
+CVSS:3.1[/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L) (3.9)
diff --git a/CVE-2024-45617.md b/CVE-2024-45617.md
@@ -0,0 +1,23 @@
+# [CVE-2024-45617](https://nvd.nist.gov/vuln/detail/CVE-2024-45617): Uninitialized values after incorrect or missing checking return values of functions in libopensc
+
+The reported issues are part of the libopensc library, which makes them accessible from OpenSC tools, PKCS#11 module, minidriver, or CTK.
+The attack requires a crafted USB device or smart card that would present the system with specially crafted responses to the APDUs, so they are considered high complexity and low severity.
+
+Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized.
+The uninitialized variables were reflected in the following functions:
+
+- bcdmp, called from [cac_list_compare_path](https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/libopensc/card-cac-common.c#L73)
+  - in function cac_parse_aid, code accesses path buffer by cac_list_compare_path, when function for selecting file fails (https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/libopensc/card-cac.c#L1296)
+  - found via fuzz_pkcs11, fuzz_pkcs15_decode
+- [cardos_lifecycle_get](https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/libopensc/card-cardos.c#L1288)
+  - incorrect check for error status leading into not propagating the error and usage of uninitialized value (https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/libopensc/card-cardos.c#L1284)
+  - found via fuzz_pkcs11
+- [sc_pkcs15_read_file](https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/libopensc/pkcs15.c#L2535)
+  - incorrect checking of return value in jpki_select_file (https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/libopensc/card-jpki.c#L196)
+  - found via fuzz_pkcs15_encode
+
+Affected versions: all before 0.26.0
+
+Originally reported by Matteo Marini (Sapienza University of Rome)
+
+CVSS:3.1[/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L) (3.9)
diff --git a/CVE-2024-45618.md b/CVE-2024-45618.md
@@ -0,0 +1,22 @@
+# [CVE-2024-45618](https://nvd.nist.gov/vuln/detail/CVE-2024-45618): Uninitialized values after incorrect or missing checking return values of functions in pkcs15init
+
+The reported issues are part of the card enrollment process using the pkcs15-init tool.
+The attack requires a crafted USB device or smart card that would present the system with specially crafted responses to the APDUs, so they are considered high complexity and low severity.
+
+Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized.
+The uninitialized variables were reflected in the following functions:
+
+- strlen, called from [set_string](https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/libopensc/sc.c#L252)
+  - no checking of return value in sc_pkcs15emu_tcos_init_ex (https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/libopensc/pkcs15-tcos.c#L536)
+- [sc_build_pin](https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/libopensc/sec.c#L281)
+  - missing error handling in sc_pkcs15init_verify_secret (https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/pkcs15init/pkcs15-lib.c#L3831-L3841)
+  - found via fuzz_pkcs15init
+- DES_set_key_unchecked, called from [openssl_enc](https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/libopensc/card-epass2003.c#L295)
+  - missing error handling in sc_pkcs15init_verify_secret (https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/pkcs15init/pkcs15-lib.c#L3831-L3841)
+  - found via fuzz_pkcs15init
+
+Affected versions: all before 0.26.0
+
+Originally reported by Matteo Marini (Sapienza University of Rome)
+
+CVSS:3.1[/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L) (3.9)
diff --git a/CVE-2024-45619.md b/CVE-2024-45619.md
@@ -0,0 +1,34 @@
+# [CVE-2024-45619](https://nvd.nist.gov/vuln/detail/CVE-2024-45619):  Incorrect handling length of buffers or files in libopensc
+
+The reported issues are part of the libopensc library, which makes them accessible from OpenSC tools, PKCS#11 module, minidriver, or CTK.
+The attack requires a crafted USB device or smart card that would present the system with specially crafted responses to the APDUs, so they are considered high complexity and low severity.
+
+When buffers are partially filled with data, uninitialized parts of the buffer can be incorrectly accessed.
+The uninitialized variables were reflected in the following functions:
+
+- [insert_cert](https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/libopensc/pkcs15-tcos.c#L70)
+  - missing check for empty read file (https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/libopensc/pkcs15-tcos.c#L65)
+  - found via fuzz_pkcs11, fuzz_pkcs15_crypt, fuzz_pkcs15_decode, fuzz_pkcs15_encode
+- [asn1_encode_path](https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/libopensc/asn1.c#L1219)
+  - function insert_cert accessing buffer after filled length (https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/libopensc/pkcs15-tcos.c#L70-L77)
+  - found via fuzz_pkcs15_encode
+- [gemsafe_get_cert_len](https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/libopensc/pkcs15-gemsafeV1.c#L252)
+  - accessing uninit(https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/libopensc/iasecc-sdo.c#L763), [iasecc_se_parse](https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/libopensc/iasecc-sdo.c#L331)
+  - missing checks for accessing data buffer (https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/libopensc/iasecc-sdo.c#L764 and https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/libopensc/iasecc-sdo.c#L322)
+  - found via fuzz_pkcs15init
+- [setcos_generate_key](https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/pkcs15init/pkcs15-setcos.c#L511)
+  - missing check for data length (https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/pkcs15init/pkcs15-setcos.c#L507)
+  - found via fuzz_pkcs15init
+- [sc_hsm_determine_free_id](https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/pkcs15init/pkcs15-sc-hsm.c#L144)
+  - incorrect checking of file list length (https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/pkcs15init/pkcs15-sc-hsm.c#L143)
+  - found via fuzz_pkcs15initialized part of buffer without checking actual buffer length (https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/libopensc/pkcs15-gemsafeV1.c#L180)
+  - found via fuzz_pkcs15_crypt, fuzz_pkcs15_decode
+- [coolkey_rsa_op](https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/libopensc/card-coolkey.c#L1771)
+  - missing check for length of buffer (https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/libopensc/card-coolkey.c#L1770)
+  - found via fuzz_pkcs15_reader
+
+Affected versions: all before 0.26.0
+
+Originally reported by Matteo Marini (Sapienza University of Rome)
+
+CVSS:3.1[/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L) (3.9)
diff --git a/CVE-2024-45620.md b/CVE-2024-45620.md
@@ -0,0 +1,26 @@
+# [CVE-2024-45620](https://nvd.nist.gov/vuln/detail/CVE-2024-45620): Incorrect handling length of buffers or files in pkcs15init
+
+The reported issues are part of the card enrollment process using the pkcs15-init tool.
+The attack requires a crafted USB device or smart card that would present the system with specially crafted responses to the APDUs, so they are considered high complexity and low severity.
+
+When buffers are partially filled with data, uninitialized parts of the buffer can be incorrectly accessed.
+The uninitialized variables were reflected in the following functions:
+
+- [starcos_write_pukey](https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/pkcs15init/pkcs15-starcos.c#L683)
+  - lack of checking file length (https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/pkcs15init/pkcs15-starcos.c#L671)
+  - found via fuzz_pkcs15init
+- [iasecc_sdo_parse](https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/libopensc/iasecc-sdo.c#L763), [iasecc_se_parse](https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/libopensc/iasecc-sdo.c#L331)
+  - missing checks for accessing data buffer (https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/libopensc/iasecc-sdo.c#L764 and https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/libopensc/iasecc-sdo.c#L322)
+  - found via fuzz_pkcs15init
+- [setcos_generate_key](https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/pkcs15init/pkcs15-setcos.c#L511)
+  - missing check for data length (https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/pkcs15init/pkcs15-setcos.c#L507)
+  - found via fuzz_pkcs15init
+- [sc_hsm_determine_free_id](https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/pkcs15init/pkcs15-sc-hsm.c#L144)
+  - incorrect checking of file list length (https://github.com/OpenSC/OpenSC/blob/d5a5b5428ef1b33c71057fd173e541cdc0273485/src/pkcs15init/pkcs15-sc-hsm.c#L143)
+  - found via fuzz_pkcs15init
+
+Affected versions: all before 0.26.0
+
+Originally reported by Matteo Marini (Sapienza University of Rome)
+
+CVSS:3.1[/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L) (3.9)
diff --git a/OpenSC-security-advisories.md b/OpenSC-security-advisories.md
@@ -2,6 +2,13 @@
 
 Software often contains bugs, so does OpenSC. Be aware of the following security issues (in addition to overall [security considerations](Security-Considerations)) and upgrade to latest released version if needed.
 
+* 04.09.2024 Uninitialized memory issues have been identified in OpenSC
+  * [CVE-2024-45615](CVE-2024-45615): Usage of uninitialized values in libopensc and pkcs15init
+  * [CVE-2024-45616](CVE-2024-45616): Uninitialized values after incorrect check or usage of APDU response values in libopensc
+  * [CVE-2024-45617](CVE-2024-45617): Uninitialized values after incorrect or missing checking return values of functions in libopensc
+  * [CVE-2024-45618](CVE-2024-45618): Uninitialized values after incorrect or missing checking return values of functions in pkcs15init
+  * [CVE-2024-45619](CVE-2024-45619): Incorrect handling length of buffers or files in libopensc
+  * [CVE-2024-45620](CVE-2024-45620): Incorrect handling of the length of buffers or files in pkcs15init*
 * 13.02.2024 Heap use after free issue and vulnerability to Marvin attack have been identified in OpenSC
   * Side-channel leaks while stripping encryption PKCS#1.5 padding [CVE-2023-5992|](CVE-2023-5992)
   * Memory use after free in AuthentIC driver when updating token info [CVE-2024-1454](CVE-2024-1454)