CVE: CVE-2023-40661

Descrizione: Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage of these flaws, an attacker must have physical access to the computer system and employ a custom-crafted USB device or smart card to manipulate responses to APDUs. This manipulation can potentially allow compromise key generation, certificate loading, and other card management operations during enrollment.

Vettore di attacco CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

Riferimenti esterni

• https://access.redhat.com/errata/RHSA-2023:7876
• https://access.redhat.com/errata/RHSA-2023:7879
• https://access.redhat.com/security/cve/CVE-2023-40661
• https://bugzilla.redhat.com/show_bug.cgi?id=2240913
• https://github.com/OpenSC/OpenSC/issues/2792#issuecomment-1674806651
• https://github.com/OpenSC/OpenSC/releases/tag/0.24.0-rc1
• https://github.com/OpenSC/OpenSC/wiki/OpenSC-security-advisories

Prodotti interessati

• Sconosciuto – Sconosciuto
• Red Hat – Red Hat Enterprise Linux 8
• Red Hat – Red Hat Enterprise Linux 9
• Red Hat – Red Hat Enterprise Linux 7

Relazioni con altri prodotti

Produttore:Red Hat
Prodotto: Red Hat Enterprise Linux 7
Anno: 2023
CWE: CWE-119
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat Enterprise Linux 8
Anno: 2023
CWE: CWE-119
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat Enterprise Linux 9
Anno: 2023
CWE: CWE-119
CVSS: 0.0

Ulteriori risorse disponibili

• Vulnerabilità scoperte nello stesso anno (2023)