MEDIUM · 4.5

CVE-2023-4535

Vulnerability Description

An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows the attacker to manipulate APDU responses and potentially gain unauthorized access to sensitive data, compromising the system's security.

CVSS Score

4.5

MEDIUM

CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L

Attack Vector: PHYSICAL
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality: LOW
Integrity: LOW
Availability: LOW

Affected Products

Vendor            Product            Versions
Opensc Project    Opensc             0.23.0
Fedoraproject     Fedora             38
Redhat            Enterprise Linux   9.0

Related Weaknesses (CWE)

References

FAQ

What is CVE-2023-4535?

CVE-2023-4535 is a vulnerability with a CVSS score of 4.5 (MEDIUM). An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card.

How severe is CVE-2023-4535?

CVE-2023-4535 has been rated MEDIUM with a CVSS base score of 4.5/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2023-4535?

Check the references section above for vendor advisories and patch information. Affected products include: Opensc Project Opensc, Fedoraproject Fedora, Redhat Enterprise Linux.