CVE-2009-1603

src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS#11 modules, generates RSA keys with incorrect public exponents, which allows attackers to read the cleartext form of messages that were intended to be encrypted.
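| Provider | Type | Base Score | Attack Vector | Attack Complexity | Privileges Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 7.5 HIGH | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| mitre | CNA | --- | --- | | | |
| CVE | ADP | --- | --- | | | |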
EPSS Score: Percentile: 76%
| Vendor | Product | Version |
|---|---|---|
| opensc-project | opensc | 0.11.7 |

𝑥 = Vulnerable software versions
Debian Releases
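| Debian Product | Codename | Version | Status |
|---|---|---|---|
| opensc | bullseye | 0.21.0-1 | fixed |
| opensc | etch | | not-affected |
| opensc | lenny | | not-affected |
| opensc | bookworm | 0.23.0-0.3+deb12u1 | fixed |
| opensc | sid | 0.25.1-2 | fixed |
| opensc | trixie | 0.25.1-2 | fixed |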
Ubuntu Releases
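| Ubuntu Product | Codename | Status |
|---|---|---|
| opensc | natty | not-affected |
| opensc | maverick | not-affected |
| opensc | lucid | not-affected |
| opensc | karmic | ignored |
| opensc | jaunty | not-affected |
| opensc | intrepid | not-affected |
| opensc | hardy | not-affected |
| opensc | dapper | not-affected |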
References