CVE-2023-4535

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-4535
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-4535.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-4535
Related
Published
2023-11-06T17:15:12Z
Modified
2024-09-18T03:25:39.016195Z
Severity
  • 3.8 (Low) CVSS_V3 - CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L CVSS Calculator
Summary
[none]
Details

An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows the attacker to manipulate APDU responses and potentially gain unauthorized access to sensitive data, compromising the system's security.

References

Affected packages

Debian:12 / opensc

Package

Name
opensc
Purl
pkg:deb/debian/opensc?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.23.0-0.3+deb12u1

Affected versions

0.*

0.23.0-0.3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / opensc

Package

Name
opensc
Purl
pkg:deb/debian/opensc?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.23.0-2

Affected versions

0.*

0.23.0-0.3
0.23.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/opensc/opensc

Affected ranges

Type
GIT
Repo
https://github.com/opensc/opensc
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.12.2
0.12.2-rc1
0.13.0
0.13.0pre1
0.13.0rc1
0.14.0
0.14.0rc2
0.14.0rtm
0.15.0
0.16.0
0.16.0-rc1
0.16.0-rc2
0.17.0
0.17.0-rc1
0.17.0-rc2
0.18.0
0.18.0-rc1
0.18.0-rc2
0.19.0
0.19.0-rc1
0.20.0
0.20.0-rc1
0.20.0-rc2
0.20.0-rc3
0.20.0-rc4
0.21.0
0.21.0-rc1
0.21.0-rc2
0.22.0
0.22.0-rc1
0.22.0-rc2
0.23.0
0.23.0-rc1
0.23.0-rc2

v0.*

v0.12.2
v0.16.0-pre1