CVE-2023-5992

Name: CVE-2023-5992
Description: A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data.
NVD Severity: unknown

References

| Type | URI |
| --- | --- |
| vdb-entry | https://access.redhat.com/security/cve/CVE-2023-5992 |
| issue-tracking | https://bugzilla.redhat.com/show_bug.cgi?id=2248685 |
| secalert@redhat.com | https://github.com/OpenSC/OpenSC/wiki/CVE-2023-5992 |
| vendor-advisory | https://access.redhat.com/errata/RHSA-2024:0966 |
| vendor-advisory | https://access.redhat.com/errata/RHSA-2024:0967 |
| secalert@redhat.com | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJI2FWLY24EOPALQ43YPQEZMEP3APPPI/ |
| secalert@redhat.com | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OWIZ5ZLO5ECYPLSTESCF7I7PQO5X6ZSU/ |
| secalert@redhat.com | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UECKC7X4IM4YZQ5KRQMNBNKNOXLZC7RZ/ |
| Exploit | https://www.usenix.org/system/files/usenixsecurity24-shagam.pdf |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2024/12/msg00026.html |

Match rules

| CPE URI | Source package | Min version | Max version |
| --- | --- | --- | --- |
| cpe:/o:redhat:enterprise_linux:8::baseos | shopxo | >= 0:0.20.0-8.el8_9 | < * |
| cpe:/o:redhat:enterprise_linux:9::baseos | shopxo | >= 0:0.23.0-4.el9_3 | < * |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
| --- | --- | --- | --- | --- |
| opensc | edge-community | 0.25.1-r0 | Timo Teräs <timo.teras@iki.fi> | fixed |
| opensc | 3.22-community | 0.25.1-r0 | None | fixed |
| opensc | 3.21-community | 0.25.1-r0 | None | fixed |
| opensc | 3.20-community | 0.25.1-r0 | None | fixed |