Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2023-4535

Опубликовано: 06 нояб. 2023
Источник: nvd
CVSS3: 4.5
CVSS3: 3.8
EPSS Низкий

Описание

An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows the attacker to manipulate APDU responses and potentially gain unauthorized access to sensitive data, compromising the system's security.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:opensc_project:opensc:0.23.0:-:*:*:*:*:*:*
cpe:2.3:a:opensc_project:opensc:0.23.0:rc1:*:*:*:*:*:*
cpe:2.3:a:opensc_project:opensc:0.23.0:rc2:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 42%
0.00199
Низкий

4.5 Medium

CVSS3

3.8 Low

CVSS3

Дефекты

CWE-125
CWE-125

Связанные уязвимости

ubuntu логотип

CVE-2023-4535

CVSS3: 4.5
ubuntu
больше 1 года назад

An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows the attacker to manipulate APDU responses and potentially gain unauthorized access to sensitive data, compromising the system's security.

redhat логотип

CVE-2023-4535

CVSS3: 4.5
redhat
почти 2 года назад

An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows the attacker to manipulate APDU responses and potentially gain unauthorized access to sensitive data, compromising the system's security.

msrc логотип

CVE-2023-4535

CVSS3: 3.8
msrc
больше 1 года назад

Описание отсутствует

debian логотип

CVE-2023-4535

CVSS3: 4.5
debian
больше 1 года назад

An out-of-bounds read vulnerability was found in OpenSC packages withi ...

github логотип

GHSA-phh2-j3h6-vqr9

CVSS3: 4.5
github
больше 1 года назад

An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows the attacker to manipulate APDU responses and potentially gain unauthorized access to sensitive data, compromising the system's security.

EPSS

Процентиль: 42%
0.00199
Низкий

4.5 Medium

CVSS3

3.8 Low

CVSS3

Дефекты

CWE-125
CWE-125