CVE-2023-5992

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-5992
A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data.

5.6 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://access.redhat.com/errata/RHSA-2024:0966 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0967 Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-5992 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2248685 Issue Tracking
https://github.com/OpenSC/OpenSC/wiki/CVE-2023-5992 Vendor Advisory
https://www.usenix.org/system/files/usenixsecurity24-shagam.pdf Exploit Technical Description
https://access.redhat.com/errata/RHSA-2024:0966 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0967 Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-5992 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2248685 Issue Tracking
https://github.com/OpenSC/OpenSC/wiki/CVE-2023-5992 Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OWIZ5ZLO5ECYPLSTESCF7I7PQO5X6ZSU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJI2FWLY24EOPALQ43YPQEZMEP3APPPI/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UECKC7X4IM4YZQ5KRQMNBNKNOXLZC7RZ/
Configurations

Configuration 1 (hide)

cpe:2.3:a:opensc_project:opensc:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.4_ppc64le:*:*:*:*:*:*:*
History

21 Nov 2024, 08:42

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OWIZ5ZLO5ECYPLSTESCF7I7PQO5X6ZSU/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJI2FWLY24EOPALQ43YPQEZMEP3APPPI/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UECKC7X4IM4YZQ5KRQMNBNKNOXLZC7RZ/ -
References () https://access.redhat.com/errata/RHSA-2024:0966 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2024:0966 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:0967 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2024:0967 - Third Party Advisory
References () https://access.redhat.com/security/cve/CVE-2023-5992 - Third Party Advisory () https://access.redhat.com/security/cve/CVE-2023-5992 - Third Party Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2248685 - Issue Tracking () https://bugzilla.redhat.com/show_bug.cgi?id=2248685 - Issue Tracking
References () https://github.com/OpenSC/OpenSC/wiki/CVE-2023-5992 - Vendor Advisory () https://github.com/OpenSC/OpenSC/wiki/CVE-2023-5992 - Vendor Advisory
CVSS v2 : unknown
v3 : 5.9 		v2 : unknown
v3 : 5.6

09 Oct 2024, 15:07

Type Values Removed Values Added
First Time Redhat enterprise Linux Server For Power Little Endian Update Services For Sap Solutions
Redhat enterprise Linux Server Aus
Redhat enterprise Linux For Power Little Endian Eus
Redhat enterprise Linux Eus
Redhat enterprise Linux For Ibm Z Systems
Redhat enterprise Linux For Power Little Endian
Redhat enterprise Linux For Arm 64 Eus
Redhat enterprise Linux For Ibm Z Systems Eus
Redhat enterprise Linux For Arm 64
CPE cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.4_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*
References () https://access.redhat.com/errata/RHSA-2024:0966 - () https://access.redhat.com/errata/RHSA-2024:0966 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:0967 - () https://access.redhat.com/errata/RHSA-2024:0967 - Third Party Advisory
References () https://www.usenix.org/system/files/usenixsecurity24-shagam.pdf - () https://www.usenix.org/system/files/usenixsecurity24-shagam.pdf - Exploit, Technical Description

03 Sep 2024, 17:15

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OWIZ5ZLO5ECYPLSTESCF7I7PQO5X6ZSU/', 'source': 'secalert@redhat.com'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJI2FWLY24EOPALQ43YPQEZMEP3APPPI/', 'source': 'secalert@redhat.com'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UECKC7X4IM4YZQ5KRQMNBNKNOXLZC7RZ/', 'source': 'secalert@redhat.com'}
  • () https://www.usenix.org/system/files/usenixsecurity24-shagam.pdf -

23 Mar 2024, 03:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UECKC7X4IM4YZQ5KRQMNBNKNOXLZC7RZ/ -

16 Mar 2024, 03:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJI2FWLY24EOPALQ43YPQEZMEP3APPPI/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OWIZ5ZLO5ECYPLSTESCF7I7PQO5X6ZSU/ -

26 Feb 2024, 16:27

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:0967 -
  • () https://access.redhat.com/errata/RHSA-2024:0966 -

09 Feb 2024, 01:00

Type Values Removed Values Added
First Time Opensc Project opensc
Redhat
Opensc Project
Redhat enterprise Linux
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.9
CWE CWE-203
CPE cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:a:opensc_project:opensc:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
References () https://access.redhat.com/security/cve/CVE-2023-5992 - () https://access.redhat.com/security/cve/CVE-2023-5992 - Third Party Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2248685 - () https://bugzilla.redhat.com/show_bug.cgi?id=2248685 - Issue Tracking
References () https://github.com/OpenSC/OpenSC/wiki/CVE-2023-5992 - () https://github.com/OpenSC/OpenSC/wiki/CVE-2023-5992 - Vendor Advisory

31 Jan 2024, 14:28

Type Values Removed Values Added
New CVE
Information

Published : 2024-01-31 14:15

Updated : 2024-11-21 08:42

NVD link : CVE-2023-5992

Mitre link : CVE-2023-5992

CVE.ORG link : CVE-2023-5992

JSON object : View

Products Affected

redhat

  • enterprise_linux_for_arm_64_eus
  • enterprise_linux_for_ibm_z_systems
  • enterprise_linux_for_power_little_endian
  • enterprise_linux_for_power_little_endian_eus
  • enterprise_linux_for_ibm_z_systems_eus
  • enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
  • enterprise_linux_for_arm_64
  • enterprise_linux_server_aus
  • enterprise_linux
  • enterprise_linux_eus

opensc_project

  • opensc
CWE
CWE-203

Observable Discrepancy