CVE-2023-4535
OpenSC: out-of-bounds read in MyEID driver handling encryption using symmetric keys
- Public Exploits: 0
- Exploited in Wild: -
- Decision: -
Descriptions
An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows the attacker to manipulate APDU responses and potentially gain unauthorized access to sensitive data, compromising the system's security.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2023-08-25 CVE Reserved
- 2023-11-06 CVE Published
- 2024-09-16 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-125: Out-of-bounds Read
CAPEC
References (9)
URL | Date | SRC
---|---|---
https://github.com/OpenSC/OpenSC/commit/f1993dc4e0b33050b8f72a3558ee88b24c4063b2 | 2024-02-23 |
https://github.com/OpenSC/OpenSC/issues/2792#issuecomment-1674806651 | 2024-02-23 |
https://access.redhat.com/errata/RHSA-2023:7879 | 2024-02-23 |
https://access.redhat.com/security/cve/CVE-2023-4535 | 2023-12-19 |
https://bugzilla.redhat.com/show_bug.cgi?id=2240914 | 2023-12-19 |
https://github.com/OpenSC/OpenSC/wiki/OpenSC-security-advisories | 2024-02-23 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Opensc Project | Opensc | 0.23.0 | - | Affected
Opensc Project | Opensc | 0.23.0 | rc1 | Affected
Opensc Project | Opensc | 0.23.0 | rc2 | Affected
Fedoraproject | Fedora | 38 | - | Affected
Fedoraproject | Fedora | 39 | - | Affected
Redhat | Enterprise Linux | 9.0 | - | Affected