CVE-2023-40661

🗓️ 06 Nov 2023 16:58:43Reported by redhatType

Several memory vulnerabilities in OpenSC packages, particularly in card enrollment using pkcs15-init, allow attackers to manipulate responses and compromise card operations during enrollment

Reporter	Title	Published	Views	Family All 113
Tenable Nessus	Amazon Linux 2023 : opensc (ALAS2023-2023-417)	4 Nov 202300:00	–	nessus
Tenable Nessus	Amazon Linux 2 : opensc (ALAS-2023-2323)	2 Nov 202300:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0026: opensc (ALINUX3-SA-2024:0026)	14 May 202500:00	–	nessus
Tenable Nessus	AlmaLinux 8 : opensc (ALSA-2023:7876)	20 Dec 202300:00	–	nessus
Tenable Nessus	AlmaLinux 9 : opensc (ALSA-2023:7879)	22 Dec 202300:00	–	nessus
Tenable Nessus	Azure Linux 3.0 Security Update: opensc (CVE-2023-40661)	11 Jul 202500:00	–	nessus
Tenable Nessus	CentOS 8 : opensc (CESA-2023:7876)	9 Jan 202400:00	–	nessus
Tenable Nessus	CentOS 9 : opensc-0.23.0-3.el9	26 Apr 202400:00	–	nessus
Tenable Nessus	Debian dla-3668 : opensc - security update	27 Nov 202300:00	–	nessus
Tenable Nessus	Debian dla-4004 : opensc - security update	28 Dec 202400:00	–	nessus

NVD

Node

opensc_project openscRange≤0.23.0

Node

redhat enterprise_linuxMatch8.0

redhat enterprise_linuxMatch9.0

[
  {
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "0.24.0",
        "versionType": "semver"
      }
    ],
    "packageName": "OpenSC",
    "collectionURL": "https://github.com/OpenSC/OpenSC",
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "opensc",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:0.20.0-7.el8_9",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8::baseos"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "opensc",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:0.23.0-3.el9_3",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9::baseos"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "opensc",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  }
]

Source	Link
github	www.github.com/OpenSC/OpenSC/issues/2792
github	www.github.com/OpenSC/OpenSC/releases/tag/0.24.0-rc1
github	www.github.com/OpenSC/OpenSC/wiki/OpenSC-security-advisories
access	www.access.redhat.com/security/cve/CVE-2023-40661
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
access	www.access.redhat.com/errata/RHSA-2023:7879
access	www.access.redhat.com/errata/RHSA-2023:7876
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/GLYEFIBBA37TK3UNMZN5NOJ7IWCIXLQP/
lists	www.lists.debian.org/debian-lts-announce/2024/12/msg00026.html
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/3CPQOMCDWFRBMEFR5VK4N5MMXXU42ODE/

06 Nov 2025 22:59Current

6Medium risk

Vulners AI Score6

CVSS 3.15.4 - 6.4

EPSS0.00295

CWE-119