CVE-2023-5992

2024-01-3114:15:48

Google

osv.dev

opensc

vulnerability

side-channel

encryption

padding

potential leak

private data

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

36.9%

JSON

A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data.

CPENameOperatorVersion
opensceq0.22.0
opensceq0.19.0
opensceq0.24.0-rc2
opensceq0.16.0-rc1
opensceq0.23.0
opensceq0.18.0-rc2
opensceq0.18.0
opensceq0.17.0-rc2
opensceq0.19.0-rc1
opensceq0.17.0-rc1

Name	Operator	Version
opensc	eq	0.22.0
opensc	eq	0.19.0
opensc	eq	0.24.0-rc2
opensc	eq	0.16.0-rc1
opensc	eq	0.23.0
opensc	eq	0.18.0-rc2
opensc	eq	0.18.0
opensc	eq	0.17.0-rc2
opensc	eq	0.19.0-rc1
opensc	eq	0.17.0-rc1