TROYANOSYVIRUS
Voltar para CVEs

CVE-2023-40661

MEDIUM
5.4

Descricao

Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage of these flaws, an attacker must have physical access to the computer system and employ a custom-crafted USB device or smart card to manipulate responses to APDUs. This manipulation can potentially allow compromise key generation, certificate loading, and other card management operations during enrollment.

Detalhes CVE

Pontuacao CVSS v3.15.4
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
Vetor de ataquePHYSICAL
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioREQUIRED
Publicado11/6/2023
Ultima modificacao11/3/2025
Fontenvd
Avistamentos honeypot0

Produtos afetados

opensc_project:openscredhat:enterprise_linux

Fraquezas (CWE)

CWE-119CWE-119

Referencias

https://access.redhat.com/errata/RHSA-2023:7876(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2023:7879(secalert@redhat.com)
https://access.redhat.com/security/cve/CVE-2023-40661(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=2240913(secalert@redhat.com)
https://github.com/OpenSC/OpenSC/issues/2792#issuecomment-1674806651(secalert@redhat.com)
https://github.com/OpenSC/OpenSC/releases/tag/0.24.0-rc1(secalert@redhat.com)
https://github.com/OpenSC/OpenSC/wiki/OpenSC-security-advisories(secalert@redhat.com)
http://www.openwall.com/lists/oss-security/2023/12/13/3(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2023:7876(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2023:7879(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/security/cve/CVE-2023-40661(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=2240913(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/OpenSC/OpenSC/issues/2792#issuecomment-1674806651(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/OpenSC/OpenSC/releases/tag/0.24.0-rc1(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/OpenSC/OpenSC/wiki/OpenSC-security-advisories(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2023/11/msg00024.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2024/12/msg00026.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CPQOMCDWFRBMEFR5VK4N5MMXXU42ODE/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLYEFIBBA37TK3UNMZN5NOJ7IWCIXLQP/(af854a3a-2127-422b-91ae-364da2661108)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.