Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-4535

Published: 06/11/2023 Updated: 23/02/2024
CVSS v3 Base Score: 3.8 | Impact Score: 3.4 | Exploitability Score: 0.4
VMScore: 0
Subscribe to Opensc

Vulnerability Summary

An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an malicious user to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows the malicious user to manipulate APDU responses and potentially gain unauthorized access to sensitive data, compromising the system's security.

Vulnerable Product Search on Vulmon Subscribe to Product

opensc project opensc 0.23.0

redhat enterprise linux 9.0

fedoraproject fedora 38

fedoraproject fedora 39

Vendor Advisories

Red Hat: Moderate: opensc security update
Synopsis Moderate: opensc security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for opensc is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated this update as having a secu ...
Debian CVElist Bug Report Logs: opensc: CVE-2023-40661
Debian Bug report logs - #1055522 opensc: CVE-2023-40661 Package: src:opensc; Maintainer for src:opensc is Debian OpenSC Maintainers <pkg-opensc-maint@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 7 Nov 2023 20:09:02 UTC Severity: important Tags: security, upstream Found ...
Debian CVElist Bug Report Logs: opensc: CVE-2023-40660
Debian Bug report logs - #1055521 opensc: CVE-2023-40660 Package: src:opensc; Maintainer for src:opensc is Debian OpenSC Maintainers <pkg-opensc-maint@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 7 Nov 2023 20:00:02 UTC Severity: important Tags: security, upstream Found ...
Debian CVElist Bug Report Logs: opensc: CVE-2023-4535
Debian Bug report logs - #1055520 opensc: CVE-2023-4535 Package: src:opensc; Maintainer for src:opensc is Debian OpenSC Maintainers <pkg-opensc-maint@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 7 Nov 2023 19:57:02 UTC Severity: important Tags: security, upstream Found ...
Red Hat:
Description<!----> This CVE is under investigation by Red Hat Product Security ...

References

CWE-125https://github.com/OpenSC/OpenSC/releases/tag/0.24.0-rc1https://github.com/OpenSC/OpenSC/wiki/OpenSC-security-advisorieshttps://github.com/OpenSC/OpenSC/issues/2792#issuecomment-1674806651https://bugzilla.redhat.com/show_bug.cgi?id=2240914https://access.redhat.com/security/cve/CVE-2023-4535https://github.com/OpenSC/OpenSC/commit/f1993dc4e0b33050b8f72a3558ee88b24c4063b2https://access.redhat.com/errata/RHSA-2023:7879https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLYEFIBBA37TK3UNMZN5NOJ7IWCIXLQP/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CPQOMCDWFRBMEFR5VK4N5MMXXU42ODE/https://access.redhat.com/errata/RHSA-2023:7879https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2023-4535
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
hard-codedCVE-2024-27202NULL pointer dereferenceCVE-2024-28075CVE-2024-33608CVE-2024-28889CVE-2024-34572template injectionCVE-2024-34351
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook