An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows the attacker to manipulate APDU responses and potentially gain unauthorized access to sensitive data, compromising the system's security.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
23 Feb 2024, 20:13
Type | Values Removed | Values Added |
---|---|---|
First Time |
Fedoraproject
Fedoraproject fedora |
|
CPE | cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* cpe:2.3:a:opensc_project:opensc:0.23.0:rc1:*:*:*:*:*:* cpe:2.3:a:opensc_project:opensc:0.23.0:-:*:*:*:*:*:* cpe:2.3:a:opensc_project:opensc:0.23.0:rc2:*:*:*:*:*:* |
|
References | () https://access.redhat.com/errata/RHSA-2023:7879 - Third Party Advisory | |
References | () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CPQOMCDWFRBMEFR5VK4N5MMXXU42ODE/ - Mailing List | |
References | () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLYEFIBBA37TK3UNMZN5NOJ7IWCIXLQP/ - Mailing List |
23 Dec 2023, 05:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
22 Dec 2023, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
19 Dec 2023, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 Nov 2023, 17:11
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* cpe:2.3:a:opensc_project:opensc:*:*:*:*:*:*:*:* |
|
First Time |
Redhat
Opensc Project Opensc Project opensc Redhat enterprise Linux |
|
References | (MISC) https://github.com/OpenSC/OpenSC/releases/tag/0.24.0-rc1 - Release Notes | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2240914 - Issue Tracking | |
References | (MISC) https://github.com/OpenSC/OpenSC/wiki/OpenSC-security-advisories - Vendor Advisory | |
References | (MISC) https://github.com/OpenSC/OpenSC/commit/f1993dc4e0b33050b8f72a3558ee88b24c4063b2 - Patch | |
References | (MISC) https://github.com/OpenSC/OpenSC/issues/2792#issuecomment-1674806651 - Issue Tracking, Patch | |
References | (MISC) https://access.redhat.com/security/cve/CVE-2023-4535 - Third Party Advisory | |
CWE | CWE-125 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 3.8 |
06 Nov 2023, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-06 17:15
Updated : 2024-02-23 20:13
NVD link : CVE-2023-4535
Mitre link : CVE-2023-4535
CVE.ORG link : CVE-2023-4535
JSON object : View
Products Affected
redhat
- enterprise_linux
opensc_project
- opensc
fedoraproject
- fedora
CWE
CWE-125
Out-of-bounds Read