CVE-2023-2977 — HIGH (7.1) — White Hats Nepal

Vulnerability Description

A vulnerbility was found in OpenSC. This security flaw cause a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The attacker can supply a smart card package with malformed ASN1 context. The cardos_have_verifyrc_package function scans the ASN1 buffer for 2 tags, where remaining length is wrongly caculated due to moved starting pointer. This leads to possible heap-based buffer oob read. In cases where ASAN is enabled while compiling this causes a crash. Further info leak or more damage is possible.

CVSS Score

7.1

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Opensc Project	Opensc	0.23.0
Redhat	Enterprise Linux	8.0

Related Weaknesses (CWE)

CWE-119 CWE-125

References

https://access.redhat.com/security/cve/CVE-2023-2977Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2211088Issue TrackingThird Party Advisory
https://github.com/OpenSC/OpenSC/issues/2785Issue TrackingPatch
https://github.com/OpenSC/OpenSC/pull/2787Patch
https://lists.debian.org/debian-lts-announce/2023/06/msg00025.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://access.redhat.com/security/cve/CVE-2023-2977Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2211088Issue TrackingThird Party Advisory
https://github.com/OpenSC/OpenSC/issues/2785Issue TrackingPatch
https://github.com/OpenSC/OpenSC/pull/2787Patch
https://lists.debian.org/debian-lts-announce/2023/06/msg00025.html
https://lists.debian.org/debian-lts-announce/2024/12/msg00026.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro

FAQ

What is CVE-2023-2977?

CVE-2023-2977 is a vulnerability with a CVSS score of 7.1 (HIGH). A vulnerbility was found in OpenSC. This security flaw cause a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The attacker can supply a smart card package with malformed ASN1 con...

How severe is CVE-2023-2977?

CVE-2023-2977 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-2977?

Check the references section above for vendor advisories and patch information. Affected products include: Opensc Project Opensc, Redhat Enterprise Linux.