Skip to content

Latest commit

 

History

History
15 lines (10 loc) · 889 Bytes

CVE-2023-4535.md

File metadata and controls

15 lines (10 loc) · 889 Bytes

CVE-2023-4535: Out-of-bounds read in MyEID driver handling encryption using symmetric keys

This issue require physical access to the computer running opensc and crafted USB device or smart card that would present the system with specially crafted responses to the APDUs so they are considered a high-complexity and low-severity.

This issue is in the code handling symmetric keys, which are not widely used for example for desktop login so most of the deployments are not affected.

  • CID 380538: Out-of-bounds read in MyEID handling of encryption using symmetric keys.
    • Fixed with f1993dc4e0b33050b8f72a3558ee88b24c4063b2

Originally reported by Coverity

CVSS:3.0AV:P/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L (4.5)