UBUNTU-CVE-2023-4535

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2023-4535

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-4535.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2023-4535

Related

CVE-2023-4535

Published

2023-11-06T17:15:00Z

Modified

2024-10-15T14:11:48Z

Severity

3.8 (Low) CVSS_V3 - CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L CVSS Calculator

Summary

[none]

Details

An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows the attacker to manipulate APDU responses and potentially gain unauthorized access to sensitive data, compromising the system's security.

References

Affected packages

Ubuntu:Pro:16.04:LTS / opensc

Package

Name: opensc
Purl: pkg:deb/ubuntu/opensc?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.15.0-1ubuntu1

0.15.0-1ubuntu1+esm1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / opensc

Package

Name: opensc
Purl: pkg:deb/ubuntu/opensc?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.17.0-1

0.17.0-2

0.17.0-2build1

0.17.0-3

0.17.0-3ubuntu0.1~esm1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / opensc

Package

Name: opensc
Purl: pkg:deb/ubuntu/opensc?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.19.0-2

0.20.0-1

0.20.0-2

0.20.0-3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / opensc

Package

Name: opensc
Purl: pkg:deb/ubuntu/opensc?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.21.0-1ubuntu1

0.22.0-1ubuntu2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / opensc

Package

Name: opensc
Purl: pkg:deb/ubuntu/opensc?arch=src?distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.25.0~rc1-1build2

0.25.1-1

0.25.1-2ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / opensc

Package

Name: opensc
Purl: pkg:deb/ubuntu/opensc?arch=src?distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.23.0-1ubuntu4

0.24.0~rc1-1

0.25.0~rc1-1

0.25.0~rc1-1build1

0.25.0~rc1-1build2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}