Multiple vulnerabilities in OpenSC

Published: 2024-03-01

Risk	Low
Patch available	YES
Number of vulnerabilities	2
CVE-ID	CVE-2024-1454 CVE-2023-5992
CWE-ID	CWE-416 CWE-310
Exploitation vector	Network
Public exploit	N/A
Vulnerable software Subscribe	OpenSC Universal components / Libraries / Libraries used by multiple products
Vendor	OpenSC

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Use-after-free

EUVDB-ID: #VU86939

Risk: Low

CVSSv3.1: 2.8 [CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-1454

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows an attacker to bypass authentication.

The vulnerability exists due to a use-after-free error in the AuthentIC driver in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker with physical access to the system can use a crafted USB device or smart card to present the system with specially crafted responses to the APDUs to card management operations during enrollment.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenSC: 0.2.0 - 0.24.0 rc2

External links

http://access.redhat.com/security/cve/CVE-2024-1454
http://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64898
http://bugzilla.redhat.com/show_bug.cgi?id=2263929
http://github.com/OpenSC/OpenSC/commit/5835f0d4f6c033bd58806d33fa546908d39825c9

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Cryptographic issues

EUVDB-ID: #VU86937

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-5992

CWE-ID: CWE-310 - Cryptographic Issues