CVE-2023-2977
opensc: buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerbility was found in OpenSC. This security flaw cause a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The attacker can supply a smart card package with malformed ASN1 context. The cardos_have_verifyrc_package function scans the ASN1 buffer for 2 tags, where remaining length is wrongly caculated due to moved starting pointer. This leads to possible heap-based buffer oob read. In cases where ASAN is enabled while compiling this causes a crash. Further info leak or more damage is possible.
A vulnerability was found in OpenSC. This issue causes a buffer overrun in the pkcs15 cardos_have_verifyrc_package. This flaw allows an attacker to supply a smart card package with a malformed ASN1 context. The cardos_have_verifyrc_package function scans the ASN1 buffer for two tags, where the remaining length is wrongly calculated due to a moved starting pointer, leading to a possible heap-based buffer out-of-bounds read. In cases where ASN is enabled while compiling, this problem causes a crash, and further information leaks or more damage is likely.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-05-30 CVE Reserved
- 2023-06-01 CVE Published
- 2024-08-02 CVE Updated
- 2024-09-05 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-125: Out-of-bounds Read
CAPEC
References (7)
URL | Tag | Source |
---|---|---|
https://lists.debian.org/debian-lts-announce/2023/06/msg00025.html | Mailing List |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://github.com/OpenSC/OpenSC/issues/2785 | 2023-11-07 | |
https://github.com/OpenSC/OpenSC/pull/2787 | 2023-11-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Opensc Project Search vendor "Opensc Project" | Opensc Search vendor "Opensc Project" for product "Opensc" | 0.23.0 Search vendor "Opensc Project" for product "Opensc" and version "0.23.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 9.0 Search vendor "Redhat" for product "Enterprise Linux" and version "9.0" | - |
Affected
|