Fedora 40 : opensc (2024-3dbc3e8105)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-3dbc3e8105 advisory. New upstream release with security fixes for CVE-2023-5992 and CVE-2024-1454 Tenable has extracted the preceding description block directly from the...

Medium: opensc

Issue Overview: A vulnerability was found in OpenSC where PKCS1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data. CVE-2023-5992 The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages...

AZL-34384 CVE-2024-1454 affecting package opensc for versions less than 0.23.0-4

The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or...

CVE-2024-1454

CVE-2024-1454 concerns the OpenSC AuthentIC driver: a use-after-free during card enrolment (pkcs15-init) that can enable manipulation of card management operations when an attacker has physical access and can present crafted APDU responses. The issue is limited to the enrolment process and requir...