#VU82974 Buffer overflow in OpenSC - CVE-2023-40661

 


Published: November 10, 2023


Vulnerability identifier: #VU82974
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-40661
CWE-ID: CWE-119
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software: OpenSC
Software vendor: OpenSC

Description

The vulnerability allows an attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. An attacker with physical access to the system can trigger memory corruption and execute arbitrary code with elevated privileges.


Remediation

Install updates from the vendor's website.
