CVE-2023-40661

06.11.2023, 17:15

Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage of these flaws, an attacker must have physical access to the computer system and employ a custom-crafted USB device or smart card to manipulate responses to APDUs. This manipulation can potentially allow 
compromise key generation, certificate loading, and other card management operations during enrollment.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.4 MEDIUM	PHYSICAL	LOW	NONE	CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
redhat	CNA	5.4 MEDIUM	PHYSICAL	LOW	NONE	CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 53%

Vendor	Product	Version
opensc_project	opensc	𝑥 ≤ 0.23.0
redhat	enterprise_linux	8.0
redhat	enterprise_linux	9.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

opensc

bullseye	vulnerable
bullseye (security)	0.21.0-1+deb11u1 fixed
bookworm	0.23.0-0.3+deb12u1 fixed
trixie	0.26.0-1 fixed
sid	0.26.0-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

opensc

oracular	needs-triage
noble	needs-triage
mantic	ignored
lunar	ignored
jammy	needs-triage
focal	needs-triage
bionic	needs-triage
xenial	needs-triage
trusty	ignored

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

https://access.redhat.com/errata/RHSA-2023:7876

https://access.redhat.com/errata/RHSA-2023:7879

https://access.redhat.com/security/cve/CVE-2023-40661

https://bugzilla.redhat.com/show_bug.cgi?id=2240913

https://github.com/OpenSC/OpenSC/issues/2792#issuecomment-1674806651

https://github.com/OpenSC/OpenSC/releases/tag/0.24.0-rc1

https://github.com/OpenSC/OpenSC/wiki/OpenSC-security-advisories

http://www.openwall.com/lists/oss-security/2023/12/13/3

https://access.redhat.com/errata/RHSA-2023:7876

https://access.redhat.com/errata/RHSA-2023:7879

https://access.redhat.com/security/cve/CVE-2023-40661

https://bugzilla.redhat.com/show_bug.cgi?id=2240913

https://github.com/OpenSC/OpenSC/issues/2792#issuecomment-1674806651

https://github.com/OpenSC/OpenSC/releases/tag/0.24.0-rc1

https://github.com/OpenSC/OpenSC/wiki/OpenSC-security-advisories

https://lists.debian.org/debian-lts-announce/2023/11/msg00024.html

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CPQOMCDWFRBMEFR5VK4N5MMXXU42ODE/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLYEFIBBA37TK3UNMZN5NOJ7IWCIXLQP/