AZL-35076

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-35076.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-35076

Upstream

CVE-2023-4535

Published

2023-11-06T17:15:12Z

Modified

2026-04-21T04:27:47.526328Z

Severity

3.8 (Low) CVSS_V3 - CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L CVSS Calculator

Summary

CVE-2023-4535 affecting package opensc for versions less than 0.25.1-3

Details

An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows the attacker to manipulate APDU responses and potentially gain unauthorized access to sensitive data, compromising the system's security.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-4535

Affected packages

Azure Linux:3 / opensc

Package

Name: opensc
Purl: pkg:rpm/azure-linux/opensc

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.25.1-3

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-35076.json"