CVE-2023-40661

EUVD-2023-45217

06.11.2023, 17:15

Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage of these flaws, an attacker must have physical access to the computer system and employ a custom-crafted USB device or smart card to manipulate responses to APDUs. This manipulation can potentially allow 
compromise key generation, certificate loading, and other card management operations during enrollment.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.4 MEDIUM	PHYSICAL	LOW	NONE	CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
redhat	CNA	5.4 MEDIUM	PHYSICAL	LOW	NONE	CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 54%

Affected Products (NVD)

Vendor	Product	Version
opensc_project	opensc	𝑥 ≤ 0.23.0
redhat	enterprise_linux	8.0
redhat	enterprise_linux	9.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

opensc

bookworm	0.23.0-0.3+deb12u1 fixed
bullseye	vulnerable
bullseye (security)	0.21.0-1+deb11u1 fixed
sid	0.26.0-1 fixed
trixie	0.26.0-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

opensc

bionic	needs-triage
focal	needs-triage
jammy	needs-triage
lunar	ignored
mantic	ignored
noble	needs-triage
oracular	needs-triage
trusty	ignored
xenial	needs-triage

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

https://access.redhat.com/errata/RHSA-2023:7876

https://access.redhat.com/errata/RHSA-2023:7879

https://access.redhat.com/security/cve/CVE-2023-40661

https://bugzilla.redhat.com/show_bug.cgi?id=2240913

https://github.com/OpenSC/OpenSC/issues/2792#issuecomment-1674806651

https://github.com/OpenSC/OpenSC/releases/tag/0.24.0-rc1

https://github.com/OpenSC/OpenSC/wiki/OpenSC-security-advisories

http://www.openwall.com/lists/oss-security/2023/12/13/3

https://access.redhat.com/errata/RHSA-2023:7876

https://access.redhat.com/errata/RHSA-2023:7879

https://access.redhat.com/security/cve/CVE-2023-40661

https://bugzilla.redhat.com/show_bug.cgi?id=2240913

https://github.com/OpenSC/OpenSC/issues/2792#issuecomment-1674806651

https://github.com/OpenSC/OpenSC/releases/tag/0.24.0-rc1

https://github.com/OpenSC/OpenSC/wiki/OpenSC-security-advisories

https://lists.debian.org/debian-lts-announce/2023/11/msg00024.html

https://lists.debian.org/debian-lts-announce/2024/12/msg00026.html

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CPQOMCDWFRBMEFR5VK4N5MMXXU42ODE/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLYEFIBBA37TK3UNMZN5NOJ7IWCIXLQP/