Published: 06/11/2023 Updated: 23/12/2023

CVSS v3 Base Score: 6.4 | Impact Score: 5.9 | Exploitability Score: 0.5

VMScore: 0

Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage of these flaws, an attacker must have physical access to the computer system and employ a custom-crafted USB device or smart card to manipulate responses to APDUs. This manipulation can potentially allow compromise key generation, certificate loading, and other card management operations during enrollment.

Vulnerable Product	Search on Vulmon	Subscribe to Product
opensc project opensc
redhat enterprise linux 8.0
redhat enterprise linux 9.0

Synopsis Moderate: opensc security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for opensc is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a secu ...

Synopsis Moderate: opensc security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for opensc is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated this update as having a secu ...

Debian Bug report logs - #1055522 opensc: CVE-2023-40661 Package: src:opensc; Maintainer for src:opensc is Debian OpenSC Maintainers <pkg-opensc-maint@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 7 Nov 2023 20:09:02 UTC Severity: important Tags: security, upstream Found ...

Debian Bug report logs - #1055521 opensc: CVE-2023-40660 Package: src:opensc; Maintainer for src:opensc is Debian OpenSC Maintainers <pkg-opensc-maint@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 7 Nov 2023 20:00:02 UTC Severity: important Tags: security, upstream Found ...

Debian Bug report logs - #1055520 opensc: CVE-2023-4535 Package: src:opensc; Maintainer for src:opensc is Debian OpenSC Maintainers <pkg-opensc-maint@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 7 Nov 2023 19:57:02 UTC Severity: important Tags: security, upstream Found ...

Potential PIN bypassWhen the token/card was plugged into the computer and authenticated from one process, it could be used to provide cryptographic operations from different process when the empty, zero-length PIN and the token can track the login status using some of its internals This is dangerous for OS logon/screen unlock and small tokens tha ...

Description This CVE is under investigation by Red Hat Product Security ...

CWE-119 https://github.com/OpenSC/OpenSC/releases/tag/0.24.0-rc1 https://bugzilla.redhat.com/show_bug.cgi?id=2240913 https://github.com/OpenSC/OpenSC/wiki/OpenSC-security-advisories https://github.com/OpenSC/OpenSC/issues/2792#issuecomment-1674806651 https://access.redhat.com/security/cve/CVE-2023-40661 https://lists.debian.org/debian-lts-announce/2023/11/msg00024.html http://www.openwall.com/lists/oss-security/2023/12/13/3 https://access.redhat.com/errata/RHSA-2023:7876 https://access.redhat.com/errata/RHSA-2023:7879 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLYEFIBBA37TK3UNMZN5NOJ7IWCIXLQP/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CPQOMCDWFRBMEFR5VK4N5MMXXU42ODE/https://access.redhat.com/errata/RHSA-2023:7876 https://nvd.nist.gov https://alas.aws.amazon.com/AL2/ALAS-2023-2323.html

CVE-2023-40661

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect