4.5
CVE-2023-4535
- EPSS 0.22%
- Published 06.11.2023 17:15:12
- Last modified 21.11.2024 08:35:21
- Source secalert@redhat.com
An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows the attacker to manipulate APDU responses and potentially gain unauthorized access to sensitive data, compromising the system's security.
Data is provided by the National Vulnerability Database (NVD)
Opensc Project ≫ Opensc Version 0.23.0 Update -
Opensc Project ≫ Opensc Version 0.23.0 Update rc1
Opensc Project ≫ Opensc Version 0.23.0 Update rc2
Fedoraproject ≫ Fedora Version 38
Fedoraproject ≫ Fedora Version 39
Redhat ≫ Enterprise Linux Version 9.0
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.22% | 0.443 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 3.8 | 0.4 | 3.4 | CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L |
secalert@redhat.com | 4.5 | 0.4 | 3.7 | CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L |
CWE-125 Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.