CVE-2023-4535

An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows the attacker to manipulate APDU responses and potentially gain unauthorized access to sensitive data, compromising the system's security.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:opensc_project:opensc:0.23.0:-:*:*:*:*:*:*
cpe:2.3:a:opensc_project:opensc:0.23.0:rc1:*:*:*:*:*:*
cpe:2.3:a:opensc_project:opensc:0.23.0:rc2:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

History

16 Sep 2024, 17:16

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CPQOMCDWFRBMEFR5VK4N5MMXXU42ODE/', 'tags': ['Mailing List'], 'source': 'secalert@redhat.com'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLYEFIBBA37TK3UNMZN5NOJ7IWCIXLQP/', 'tags': ['Mailing List'], 'source': 'secalert@redhat.com'}

23 Feb 2024, 20:13

Type Values Removed Values Added
References () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLYEFIBBA37TK3UNMZN5NOJ7IWCIXLQP/ - () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLYEFIBBA37TK3UNMZN5NOJ7IWCIXLQP/ - Mailing List
References () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CPQOMCDWFRBMEFR5VK4N5MMXXU42ODE/ - () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CPQOMCDWFRBMEFR5VK4N5MMXXU42ODE/ - Mailing List
References () https://access.redhat.com/errata/RHSA-2023:7879 - () https://access.redhat.com/errata/RHSA-2023:7879 - Third Party Advisory
First Time Fedoraproject fedora
Fedoraproject
CPE cpe:2.3:a:opensc_project:opensc:*:*:*:*:*:*:*:* cpe:2.3:a:opensc_project:opensc:0.23.0:-:*:*:*:*:*:*
cpe:2.3:a:opensc_project:opensc:0.23.0:rc1:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:a:opensc_project:opensc:0.23.0:rc2:*:*:*:*:*:*

23 Dec 2023, 05:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CPQOMCDWFRBMEFR5VK4N5MMXXU42ODE/ -

22 Dec 2023, 04:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLYEFIBBA37TK3UNMZN5NOJ7IWCIXLQP/ -

19 Dec 2023, 16:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2023:7879 -

14 Nov 2023, 17:11

Type Values Removed Values Added
References (MISC) https://github.com/OpenSC/OpenSC/releases/tag/0.24.0-rc1 - (MISC) https://github.com/OpenSC/OpenSC/releases/tag/0.24.0-rc1 - Release Notes
References (MISC) https://github.com/OpenSC/OpenSC/issues/2792#issuecomment-1674806651 - (MISC) https://github.com/OpenSC/OpenSC/issues/2792#issuecomment-1674806651 - Issue Tracking, Patch
References (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2240914 - (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2240914 - Issue Tracking
References (MISC) https://github.com/OpenSC/OpenSC/wiki/OpenSC-security-advisories - (MISC) https://github.com/OpenSC/OpenSC/wiki/OpenSC-security-advisories - Vendor Advisory
References (MISC) https://access.redhat.com/security/cve/CVE-2023-4535 - (MISC) https://access.redhat.com/security/cve/CVE-2023-4535 - Third Party Advisory
References (MISC) https://github.com/OpenSC/OpenSC/commit/f1993dc4e0b33050b8f72a3558ee88b24c4063b2 - (MISC) https://github.com/OpenSC/OpenSC/commit/f1993dc4e0b33050b8f72a3558ee88b24c4063b2 - Patch
CWE CWE-125
CPE cpe:2.3:a:opensc_project:opensc:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 3.8
First Time Opensc Project opensc
Opensc Project
Redhat enterprise Linux
Redhat

06 Nov 2023, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-11-06 17:15

Updated : 2024-09-16 17:16


NVD link : CVE-2023-4535

Mitre link : CVE-2023-4535

CVE.ORG link : CVE-2023-4535


JSON object : View

Products Affected

opensc_project

  • opensc

redhat

  • enterprise_linux

fedoraproject

  • fedora
CWE
CWE-125

Out-of-bounds Read