CVE-2023-40661

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Published Nov 6, 2023
Updated: Dec 23, 2023
CWE ID 119

Summary

CVE-2023-40661 refers to multiple memory vulnerabilities discovered in the OpenSC packages, specifically during the card enrollment process using pkcs15-init. An attacker who gains physical access to a system can exploit these flaws with a custom-crafted USB device or smart card by manipulating responses to APDUs. Successful exploitation may result in compromised key generation, certificate loading, and other card management operations during enrollment.

Affected Products

  • Opensc-project Opensc
  • Red Hat Enterprise Linux

Affected Vendors

  • Red Hat