CVSS3
Attack Vector: PHYSICAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
AI Score confidence: High
EPSS percentile: 5.1%
libopensc.so is vulnerable to buffer overflows. The vulnerability exists due to a lack of validation of smartcard data in the library, which allows an attacker to send maliciously crafted responses to APDU commands through a malicious smartcard or USB device, possibly resulting in an application crash.
www.openwall.com/lists/oss-security/2023/12/13/3
access.redhat.com/errata/RHSA-2023:7876
access.redhat.com/errata/RHSA-2023:7879
access.redhat.com/security/cve/CVE-2023-40661
bugzilla.redhat.com/show_bug.cgi?id=2240913
bugzilla.suse.com/show_bug.cgi?id=1215761
github.com/OpenSC/OpenSC/commit/245efe608d083fd4e4ec96793fdefd218e26fde7
github.com/OpenSC/OpenSC/commit/41d61da8481582e12710b5858f8b635e0a71ab5e
github.com/OpenSC/OpenSC/commit/440ca666eff10cc7011901252d20f3fc4ea23651
github.com/OpenSC/OpenSC/commit/5631e9843c832a99769def85b7b9b68b4e3e3959
github.com/OpenSC/OpenSC/commit/578aed8391ef117ca64a9e0cba8e5c264368a0ec
github.com/OpenSC/OpenSC/commit/638a5007a5d240d6fa901aa822cfeef94fe36e85
github.com/OpenSC/OpenSC/commit/c449a181a6988cc1e8dc8764d23574e48cdc3fa6
github.com/OpenSC/OpenSC/commit/df5a176bfdf8c52ba89c7fef1f82f6f3b9312bc1
github.com/OpenSC/OpenSC/issues/2792
github.com/OpenSC/OpenSC/issues/2792#issuecomment-1674806651
github.com/OpenSC/OpenSC/releases/tag/0.24.0-rc1
github.com/OpenSC/OpenSC/wiki/OpenSC-security-advisories
lists.debian.org/debian-lts-announce/2023/11/msg00024.html
lists.fedoraproject.org/archives/list/[email protected]/message/3CPQOMCDWFRBMEFR5VK4N5MMXXU42ODE/
lists.fedoraproject.org/archives/list/[email protected]/message/GLYEFIBBA37TK3UNMZN5NOJ7IWCIXLQP/