Bug 2240914 (CVE-2023-4535)
| Summary: | CVE-2023-4535 OpenSC: out-of-bounds read in MyEID driver handling encryption using symmetric keys | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | TEJ RATHI <trathi> |
| Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
| Status: | NEW --- | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | CC: | jjelen |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | OpenSC 0.24.0-rc1 | Doc Type: | If docs needed, set a value |
| Doc Text: |
An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows the attacker to manipulate APDU responses and potentially gain unauthorized access to sensitive data, compromising the system's security.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2248101 | ||
| Bug Blocks: | 2240943 | ||
|
Description
TEJ RATHI
2023-09-27 08:41:17 UTC
Created opensc tracking bugs for this issue: Affects: fedora-all [bug 2248101] This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:7879 https://access.redhat.com/errata/RHSA-2023:7879 |