Untriaged
CVE-2023-4535
4.5 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): PHYSICAL
- Attack complexity (AC): HIGH
- Privileges required (PR): NONE
- User interaction (UI): REQUIRED
- Scope (S): CHANGED
- Confidentiality impact (C): LOW
- Integrity impact (I): LOW
- Availability impact (A): LOW
Opensc: out-of-bounds read in myeid driver handling encryption using symmetric keys
An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows the attacker to manipulate APDU responses and potentially gain unauthorized access to sensitive data, compromising the system's security.
References
- RHSA-2023:7879 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2023-4535 x_refsource_REDHAT vdb-entry
- RHBZ#2240914 issue-tracking x_refsource_REDHAT
- https://github.com/OpenSC/OpenSC/commit/f1993dc4e0b33050b8f72a3558ee88b24c4063b2
- https://github.com/OpenSC/OpenSC/issues/2792#issuecomment-1674806651
- https://github.com/OpenSC/OpenSC/releases/tag/0.24.0-rc1
- https://github.com/OpenSC/OpenSC/wiki/OpenSC-security-advisories
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
Affected products
OpenSC
- ==0.24.0-rc1
opensc
- *
Matching in nixpkgs
pkgs.opensc
Set of libraries and utilities to access smart cards
- nixos-unstable -
- nixpkgs-unstable 0.26.1
pkgs.openscad-lsp
LSP (Language Server Protocol) server for OpenSCAD
- nixos-unstable -
- nixpkgs-unstable 2.0.1
pkgs.openscenegraph
3D graphics toolkit
- nixos-unstable -
- nixpkgs-unstable 3.6.5
pkgs.openscad-unstable
3D parametric model compiler (unstable)
- nixos-unstable -
- nixpkgs-unstable 2025-06-04
pkgs.kakounePlugins.openscad-kak
None
- nixos-unstable -
- nixpkgs-unstable 2020-12-10
pkgs.vscode-extensions.antyos.openscad
OpenSCAD highlighting, snippets, and more for VSCode
- nixos-unstable -
- nixpkgs-unstable 1.3.2
Package maintainers
- @michaeladler Michael Adler <therisen06@gmail.com>
- @bjornfor Bjørn Forsman <bjorn.forsman@gmail.com>
- @7c6f434c Michael Raskin <7c6f434c@mail.ru>
- @Curious-r Curious <curious@curious.host>
- @c-h-johnson Charles Johnson <charles@charlesjohnson.name>
- @pca006132 pca006132 <john.lck40@gmail.com>
- @Tochiaha Tochukwu Ahanonu <tochiahan@proton.me>
- @aanderse Aaron Andersen <aaron@fosslib.net>