CVE-2023-5992

A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data.

CVSS v3 5.9 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2024:0966
https://access.redhat.com/errata/RHSA-2024:0967
https://access.redhat.com/security/cve/CVE-2023-5992	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2248685	Issue Tracking
https://github.com/OpenSC/OpenSC/wiki/CVE-2023-5992	Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OWIZ5ZLO5ECYPLSTESCF7I7PQO5X6ZSU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJI2FWLY24EOPALQ43YPQEZMEP3APPPI/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UECKC7X4IM4YZQ5KRQMNBNKNOXLZC7RZ/

Configurations

Configuration 1 (hide)

cpe:2.3:a:opensc_project:opensc:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

History

23 Mar 2024, 03:15

Type	Values Removed	Values Added
References		() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UECKC7X4IM4YZQ5KRQMNBNKNOXLZC7RZ/ -

16 Mar 2024, 03:15

Type	Values Removed	Values Added
References		() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OWIZ5ZLO5ECYPLSTESCF7I7PQO5X6ZSU/ -

16 Mar 2024, 02:15

Type	Values Removed	Values Added
References		() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJI2FWLY24EOPALQ43YPQEZMEP3APPPI/ -

26 Feb 2024, 16:27

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2024:0966 - () https://access.redhat.com/errata/RHSA-2024:0967 -

14 Feb 2024, 14:16

Type	Values Removed	Values Added
CWE	~~CWE-200~~

09 Feb 2024, 01:00

Type	Values Removed	Values Added
CWE		CWE-203
First Time		Redhat enterprise Linux Opensc Project Opensc Project opensc Redhat
Summary		(es) Se encontró una vulnerabilidad en OpenSC donde la eliminación del relleno de cifrado PKCS#1 no se implementa como resistente al canal lateral. Este problema puede resultar en una posible filtración de datos privados.
References	~~() https://access.redhat.com/security/cve/CVE-2023-5992 -~~	() https://access.redhat.com/security/cve/CVE-2023-5992 - Third Party Advisory
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2248685 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2248685 - Issue Tracking
References	~~() https://github.com/OpenSC/OpenSC/wiki/CVE-2023-5992 -~~	() https://github.com/OpenSC/OpenSC/wiki/CVE-2023-5992 - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~5.6~~	v2 : unknown v3 : 5.9
CPE		cpe:2.3:o:redhat:enterprise_linux:8.0:::::::* cpe:2.3:a:opensc_project:opensc:::::::: cpe:2.3:o:redhat:enterprise_linux:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

31 Jan 2024, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-01-31 14:15

Updated : 2024-03-23 03:15

NVD link : CVE-2023-5992

Mitre link : CVE-2023-5992

CVE.ORG link : CVE-2023-5992

JSON object : View

Products Affected

opensc_project

opensc

redhat

enterprise_linux

CWE

CWE-203

Observable Discrepancy

5.9 /10