CVE 2023 4535
Jakub Jelen edited this page Oct 8, 2023
·
1 revision
CVE-2023-4535: Out-of-bounds read in MyEID driver handling encryption using symmetric keys
This issue require physical access to the computer running opensc and crafted USB device or smart card that would present the system with specially crafted responses to the APDUs so they are considered a high-complexity and low-severity.
This issue is in the code handling symmetric keys, which are not widely used for example for desktop login so most of the deployments are not affected.
- CID 380538: Out-of-bounds read in MyEID handling of encryption using symmetric keys.
- Fixed with f1993dc4e0b33050b8f72a3558ee88b24c4063b2
Originally reported by coverity
CVSS:3.0AV:P/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L (4.5)
Warning: Due to attempts to plant malicious links to our wiki, it is no longer open to anyone to edit. If you want to contribute to this, wiki, please open a pull request here: https://github.com/OpenSC/Wiki