[pkg-opensc-maint] Bug#1055520: opensc: CVE-2023-4535
Salvatore Bonaccorso
carnil at debian.org
Tue Nov 7 19:55:17 GMT 2023
Source: opensc
Version: 0.23.0-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>
Hi,
The following vulnerability was published for opensc.
CVE-2023-4535[0]:
| An out-of-bounds read vulnerability was found in OpenSC packages
| within the MyEID driver when handling symmetric key encryption.
| Exploiting this flaw requires an attacker to have physical access to
| the computer and a specially crafted USB device or smart card. This
| flaw allows the attacker to manipulate APDU responses and
| potentially gain unauthorized access to sensitive data, compromising
| the system's security.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-4535
https://www.cve.org/CVERecord?id=CVE-2023-4535
[1] https://github.com/OpenSC/OpenSC/wiki/CVE-2023-4535
[2] https://github.com/OpenSC/OpenSC/commit/f1993dc4e0b33050b8f72a3558ee88b24c4063b2
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore