PRIOn knowledge basePRION:CVE-2023-4535

HistoryNov 06, 2023 - 5:15 p.m.

Cross site scripting

2023-11-0617:15:00

PRIOn knowledge base

www.prio-n.com

opensc

myeid

out-of-bounds read

vulnerability

symmetric key encryption

unauthorized access

sensitive data

system security

6.5 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

25.1%

JSON

An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows the attacker to manipulate APDU responses and potentially gain unauthorized access to sensitive data, compromising the system’s security.

CPENameOperatorVersion
fedoraeq38
fedoraeq39
opensceq0.23.0
opensceq0.23.0 rc2
opensceq0.23.0 rc1
enterprise_linuxeq9.0

Name	Operator	Version
fedora	eq	38
fedora	eq	39
opensc	eq	0.23.0
opensc	eq	0.23.0 rc2
opensc	eq	0.23.0 rc1
enterprise_linux	eq	9.0

References

access.redhat.com/errata/RHSA-2023:7879

access.redhat.com/security/cve/CVE-2023-4535

bugzilla.redhat.com/show_bug.cgi?id=2240914

github.com/OpenSC/OpenSC/commit/f1993dc4e0b33050b8f72a3558ee88b24c4063b2

github.com/OpenSC/OpenSC/issues/2792

github.com/OpenSC/OpenSC/releases/tag/0.24.0-rc1

github.com/OpenSC/OpenSC/wiki/OpenSC-security-advisories

lists.fedoraproject.org/archives/list/[email protected]/message/3CPQOMCDWFRBMEFR5VK4N5MMXXU42ODE/

lists.fedoraproject.org/archives/list/[email protected]/message/GLYEFIBBA37TK3UNMZN5NOJ7IWCIXLQP/