Vulnerability Monitor

CVE-2023-4535


An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows the attacker to manipulate APDU responses and potentially gain unauthorized access to sensitive data, compromising the system's security.


Published

2023-11-06T17:15:12.083

Last Modified

2024-11-21T08:35:21.943

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.5 (MEDIUM)

Weaknesses
  • Type: Secondary
    CWE-125
  • Type: Primary
    CWE-125

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | opensc_project | opensc | 0.23.0 | Yes |
| Operating System | fedoraproject | fedora | 38 | Yes |
| Operating System | fedoraproject | fedora | 39 | Yes |
| Operating System | redhat | enterprise_linux | 9.0 | Yes |