4.5
CVE-2023-4535
- EPSS 0.22%
- Published 06.11.2023 17:15:12
- Last modified 21.11.2024 08:35:21
- Source secalert@redhat.com
An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows the attacker to manipulate APDU responses and potentially gain unauthorized access to sensitive data, compromising the system's security.
Data provided by the National Vulnerability Database (NVD)
Opensc Project ≫ Opensc Version 0.23.0 Update -
Opensc Project ≫ Opensc Version 0.23.0 Update rc1
Opensc Project ≫ Opensc Version 0.23.0 Update rc2
Fedoraproject ≫ Fedora Version 38
Fedoraproject ≫ Fedora Version 39
Redhat ≫ Enterprise Linux Version 9.0
No CISA KEV entry or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.22% | 0.443 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 3.8 | 0.4 | 3.4 | CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L |
secalert@redhat.com | 4.5 | 0.4 | 3.7 | CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L |
CWE-125 Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.