5.9
CVE-2023-5992
- EPSS 1.16%
- Veröffentlicht 31.01.2024 14:15:48
- Zuletzt bearbeitet 03.11.2025 22:16:32
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Opensc: side-channel leaks while stripping encryption pkcs#1 padding
A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Opensc Project ≫ Opensc Version < 0.25.0
Redhat ≫ Enterprise Linux Version7.0
Redhat ≫ Enterprise Linux Version8.0
Redhat ≫ Enterprise Linux Version9.0
Redhat ≫ Enterprise Linux Eus Version9.4
Redhat ≫ Enterprise Linux For Arm 64 Version8.0_aarch64
Redhat ≫ Enterprise Linux For Arm 64 Version9.0_aarch64
Redhat ≫ Enterprise Linux For Arm 64 Eus Version9.4_aarch64
Redhat ≫ Enterprise Linux For Ibm Z Systems Version8.0_s390x
Redhat ≫ Enterprise Linux For Ibm Z Systems Version9.0_s390x
Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version9.4_s390x
Redhat ≫ Enterprise Linux For Power Little Endian Version9.0_ppc64le
Redhat ≫ Enterprise Linux For Power Little Endian Eus Version9.4_ppc64le
Redhat ≫ Enterprise Linux Server Aus Version9.4
Redhat ≫ Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Version9.2
Redhat ≫ Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Version9.4_ppc64le
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.16% | 0.629 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.9 | 2.2 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| secalert@redhat.com | 5.6 | 2.2 | 3.4 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
|
CWE-203 Observable Discrepancy
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.
https://access.redhat.com/errata/RHSA-2024:0966
https://access.redhat.com/errata/RHSA-2024:0967
https://access.redhat.com/security/cve/CVE-2023-5992
https://bugzilla.redhat.com/show_bug.cgi?id=2248685
https://github.com/OpenSC/OpenSC/wiki/CVE-2023-5992
https://www.usenix.org/system/files/usenixsecurity24-shagam.pdf
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OWIZ5ZLO5ECYPLSTESCF7I7PQO5X6ZSU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJI2FWLY24EOPALQ43YPQEZMEP3APPPI/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UECKC7X4IM4YZQ5KRQMNBNKNOXLZC7RZ/
https://lists.debian.org/debian-lts-announce/2024/12/msg00026.html