CVE-2023-40661
CVSS 3.1 Score 6.4 of 10 (medium)
Details
Published Nov 6, 2023
Updated: Dec 23, 2023
CWE ID 119
Summary
CVE-2023-40661 refers to multiple memory vulnerabilities discovered in the OpenSC packages, specifically during the card enrollment process using pkcs15-init. An attacker who gains physical access to a system can exploit these flaws with a custom-crafted USB device or smart card by manipulating responses to APDUs. Successful exploitation may result in compromised key generation, certificate loading, and other card management operations during enrollment.
Affected Products
- Opensc-project Opensc
- Red Hat Enterprise Linux
Affected Vendors
- Red Hat