CVE-2023-5992 Opensc: side-channel leaks while stripping encryption pkcs#1 padding

🗓️ 31 Jan 2024 14:05:07Reported by redhatType

OpenSC vulnerability, PKCS#1 padding removal not side-channel resistan

Reporter	Title	Published	Views	Family All 135
Tenable Nessus	Amazon Linux 2023 : opensc (ALAS2023-2024-580)	3 Apr 202400:00	–	nessus
Tenable Nessus	Amazon Linux 2 : opensc (ALAS-2024-2566)	12 Jun 202400:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0026: opensc (ALINUX3-SA-2024:0026)	14 May 202500:00	–	nessus
Tenable Nessus	AlmaLinux 9 : opensc (ALSA-2024:0966)	28 Feb 202400:00	–	nessus
Tenable Nessus	AlmaLinux 8 : opensc (ALSA-2024:0967)	28 Feb 202400:00	–	nessus
Tenable Nessus	Azure Linux 3.0 Security Update: opensc (CVE-2023-5992)	27 Feb 202500:00	–	nessus
Tenable Nessus	CentOS 8 : opensc (CESA-2024:0967)	25 Feb 202400:00	–	nessus
Tenable Nessus	CentOS 9 : opensc-0.23.0-3.el9	26 Apr 202400:00	–	nessus
Tenable Nessus	CentOS 9 : opensc-0.23.0-4.el9	26 Apr 202400:00	–	nessus
Tenable Nessus	Debian dla-4004 : opensc - security update	28 Dec 202400:00	–	nessus

[
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "opensc",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:0.20.0-8.el8_9",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8::baseos"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "opensc",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:0.23.0-4.el9_3",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9::baseos"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "opensc",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  }
]

Source	Link
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
usenix	www.usenix.org/system/files/usenixsecurity24-shagam.pdf
github	www.github.com/OpenSC/OpenSC/wiki/CVE-2023-5992
access	www.access.redhat.com/errata/RHSA-2024:0967
access	www.access.redhat.com/errata/RHSA-2024:0966
access	www.access.redhat.com/security/cve/CVE-2023-5992

06 Nov 2025 21:45Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.15.6

EPSS0.00257

CWE-203