{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-24031", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-01-16T17:31:06.460Z", "datePublished": "2025-02-10T15:38:39.876Z", "dateUpdated": "2025-02-10T15:50:52.981Z"}, "containers": {"cna": {"title": "PAM-PKCS#11 vulnerable to segmentation fault on ctrl-c/ctrl-d when asked for PIN", "problemTypes": [{"descriptions": [{"cweId": "CWE-476", "lang": "en", "description": "CWE-476: NULL Pointer Dereference", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "LOW", "baseScore": 5.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L", "version": "4.0"}}], "references": [{"name": "https://github.com/OpenSC/pam_pkcs11/security/advisories/GHSA-wvr3-c9x3-9mff", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/OpenSC/pam_pkcs11/security/advisories/GHSA-wvr3-c9x3-9mff"}, {"name": "https://github.com/OpenSC/pam_pkcs11/blob/bb2e3f3a95e44fdf44b0d5a4b377db3179021380/src/pam_pkcs11/pam_pkcs11.c#L211", "tags": ["x_refsource_MISC"], "url": "https://github.com/OpenSC/pam_pkcs11/blob/bb2e3f3a95e44fdf44b0d5a4b377db3179021380/src/pam_pkcs11/pam_pkcs11.c#L211"}, {"name": "https://github.com/OpenSC/pam_pkcs11/blob/bb2e3f3a95e44fdf44b0d5a4b377db3179021380/src/pam_pkcs11/pam_pkcs11.c#L797", "tags": ["x_refsource_MISC"], "url": "https://github.com/OpenSC/pam_pkcs11/blob/bb2e3f3a95e44fdf44b0d5a4b377db3179021380/src/pam_pkcs11/pam_pkcs11.c#L797"}], "affected": [{"vendor": "OpenSC", "product": "pam_pkcs11", "versions": [{"version": "<= 0.6.12", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-02-10T15:38:39.876Z"}, "descriptions": [{"lang": "en", "value": "PAM-PKCS#11 is a Linux-PAM login module that allows a X.509 certificate based user login. In versions 0.6.12 and prior, the pam_pkcs11 module segfaults when a user presses ctrl-c/ctrl-d when they are asked for a PIN. When a user enters no PIN at all, `pam_get_pwd` will never initialize the password buffer pointer and as such `cleanse` will try to dereference an uninitialized pointer. On my system this pointer happens to have the value 3 most of the time when running sudo and as such it will segfault. The most likely impact to a system affected by this issue is an availability impact due to a daemon that uses PAM crashing. As of time of publication, a patch for the issue is unavailable."}], "source": {"advisory": "GHSA-wvr3-c9x3-9mff", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/OpenSC/pam_pkcs11/security/advisories/GHSA-wvr3-c9x3-9mff", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-10T15:50:34.830337Z", "id": "CVE-2025-24031", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-10T15:50:52.981Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-24031", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-10T15:50:34.830337Z"}}}], "references": [{"url": "https://github.com/OpenSC/pam_pkcs11/security/advisories/GHSA-wvr3-c9x3-9mff", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-10T15:50:43.494Z"}}], "cna": {"title": "PAM-PKCS#11 vulnerable to segmentation fault on ctrl-c/ctrl-d when asked for PIN", "source": {"advisory": "GHSA-wvr3-c9x3-9mff", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE"}}], "affected": [{"vendor": "OpenSC", "product": "pam_pkcs11", "versions": [{"status": "affected", "version": "<= 0.6.12"}]}], "references": [{"url": "https://github.com/OpenSC/pam_pkcs11/security/advisories/GHSA-wvr3-c9x3-9mff", "name": "https://github.com/OpenSC/pam_pkcs11/security/advisories/GHSA-wvr3-c9x3-9mff", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/OpenSC/pam_pkcs11/blob/bb2e3f3a95e44fdf44b0d5a4b377db3179021380/src/pam_pkcs11/pam_pkcs11.c#L211", "name": "https://github.com/OpenSC/pam_pkcs11/blob/bb2e3f3a95e44fdf44b0d5a4b377db3179021380/src/pam_pkcs11/pam_pkcs11.c#L211", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/OpenSC/pam_pkcs11/blob/bb2e3f3a95e44fdf44b0d5a4b377db3179021380/src/pam_pkcs11/pam_pkcs11.c#L797", "name": "https://github.com/OpenSC/pam_pkcs11/blob/bb2e3f3a95e44fdf44b0d5a4b377db3179021380/src/pam_pkcs11/pam_pkcs11.c#L797", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "PAM-PKCS#11 is a Linux-PAM login module that allows a X.509 certificate based user login. In versions 0.6.12 and prior, the pam_pkcs11 module segfaults when a user presses ctrl-c/ctrl-d when they are asked for a PIN. When a user enters no PIN at all, `pam_get_pwd` will never initialize the password buffer pointer and as such `cleanse` will try to dereference an uninitialized pointer. On my system this pointer happens to have the value 3 most of the time when running sudo and as such it will segfault. The most likely impact to a system affected by this issue is an availability impact due to a daemon that uses PAM crashing. As of time of publication, a patch for the issue is unavailable."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476: NULL Pointer Dereference"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-02-10T15:38:39.876Z"}}}, "cveMetadata": {"cveId": "CVE-2025-24031", "state": "PUBLISHED", "dateUpdated": "2025-02-10T15:50:52.981Z", "dateReserved": "2025-01-16T17:31:06.460Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-02-10T15:38:39.876Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "PAM-PKCS#11 is a Linux-PAM login module that allows a X.509 certificate based user login. In versions 0.6.12 and prior, the pam_pkcs11 module segfaults when a user presses ctrl-c/ctrl-d when they are asked for a PIN. When a user enters no PIN at all, `pam_get_pwd` will never initialize the password buffer pointer and as such `cleanse` will try to dereference an uninitialized pointer. On my system this pointer happens to have the value 3 most of the time when running sudo and as such it will segfault. The most likely impact to a system affected by this issue is an availability impact due to a daemon that uses PAM crashing. As of time of publication, a patch for the issue is unavailable."}], "id": "CVE-2025-24031", "lastModified": "2025-02-10T16:15:38.990", "metrics": {"cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "LOW", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "NONE", "vulnerableSystemConfidentiality": "NONE", "vulnerableSystemIntegrity": "NONE"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2025-02-10T16:15:38.990", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/OpenSC/pam_pkcs11/blob/bb2e3f3a95e44fdf44b0d5a4b377db3179021380/src/pam_pkcs11/pam_pkcs11.c#L211"}, {"source": "security-advisories@github.com", "url": "https://github.com/OpenSC/pam_pkcs11/blob/bb2e3f3a95e44fdf44b0d5a4b377db3179021380/src/pam_pkcs11/pam_pkcs11.c#L797"}, {"source": "security-advisories@github.com", "url": "https://github.com/OpenSC/pam_pkcs11/security/advisories/GHSA-wvr3-c9x3-9mff"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/OpenSC/pam_pkcs11/security/advisories/GHSA-wvr3-c9x3-9mff"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "pam_pkcs11: PAM-PKCS#11 vulnerable to segmentation fault on ctrl-c/ctrl-d when asked for PIN", "id": "2344665", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344665"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-476", "details": ["PAM-PKCS#11 is a Linux-PAM login module that allows a X.509 certificate based user login. In versions 0.6.12 and prior, the pam_pkcs11 module segfaults when a user presses ctrl-c/ctrl-d when they are asked for a PIN. When a user enters no PIN at all, `pam_get_pwd` will never initialize the password buffer pointer and as such `cleanse` will try to dereference an uninitialized pointer. On my system this pointer happens to have the value 3 most of the time when running sudo and as such it will segfault. The most likely impact to a system affected by this issue is an availability impact due to a daemon that uses PAM crashing. As of time of publication, a patch for the issue is unavailable.", "A flaw was found in the pam_pkcs11 Linux-PAM login module. A segmentation fault condition may be triggered in certain versions when a user presses ctrl-c/ctrl-d when asked for a PIN. When a user does not enter a PIN, `pam_get_pwd` will never initialize the password buffer pointer, and `cleanse` will try to dereference an uninitialized pointer. This issue may lead to an application crash or other unintended behavior."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-24031", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "pam_pkcs11", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "pam_pkcs11", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2025-02-10T15:38:39Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-24031\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-24031\nhttps://github.com/OpenSC/pam_pkcs11/blob/bb2e3f3a95e44fdf44b0d5a4b377db3179021380/src/pam_pkcs11/pam_pkcs11.c#L211\nhttps://github.com/OpenSC/pam_pkcs11/blob/bb2e3f3a95e44fdf44b0d5a4b377db3179021380/src/pam_pkcs11/pam_pkcs11.c#L797\nhttps://github.com/OpenSC/pam_pkcs11/security/advisories/GHSA-wvr3-c9x3-9mff"], "threat_severity": "Moderate"}