Cyber Posture

CVE-2018-4301

Critical

Published: 08 January 2025

Modified: 29 July 2025
KEV Added
Patch
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0043 (62.7th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Description

This issue is fixed in SCSSU-201801. A potential stack based buffer overflow existed in GemaltoKeyHandle.cpp.

Security Summary

CVE-2018-4301 is a stack-based buffer overflow vulnerability (CWE-120) in the GemaltoKeyHandle.cpp component. It affects Smart Card Services software, with the issue addressed in the SCSSU-201801 update. The vulnerability carries a CVSS v3.1 base score of 9.8, reflecting its critical severity due to network accessibility, low attack complexity, and no requirements for privileges or user interaction.

An unauthenticated remote attacker could exploit this vulnerability over the network with low complexity and no user interaction. Successful exploitation would allow the attacker to achieve high impacts on confidentiality, integrity, and availability, potentially leading to arbitrary code execution and full system compromise.

The advisory at https://smartcardservices.github.io/security/ documents the fix in SCSSU-201801, recommending affected users apply this update to mitigate the buffer overflow risk.

Details

CWE(s): CWE-120

Affected Products

Vendor: apple
Product: smart card services
Version: ≤ scssu-201801
