QwikSec

Security Database

CVE

CWE

Training

CVE-2023-4535

Published: Nov 6, 2023

Modified: Nov 21, 2025

PUBLISHED

CVSS v3.1

4.5

MEDIUM

Description

An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows the attacker to manipulate APDU responses and potentially gain unauthorized access to sensitive data, compromising the system's security.

Vendor	Product	Versions
Red Hat	Red Hat Enterprise Linux 9	unaffected `0:0.23.0-3.el9_3 - < *`
Red Hat	Red Hat Enterprise Linux 7	All versions
Red Hat	Red Hat Enterprise Linux 8	All versions

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L

Attack Vector

Physical

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

Low

References

vendor-advisory

x_refsource_REDHAT

https://access.redhat.com/security/cve/CVE-2023-4535

vdb-entry

x_refsource_REDHAT

issue-tracking

x_refsource_REDHAT

https://github.com/OpenSC/OpenSC/commit/f1993dc4e0b33050b8f72a3558ee88b24c4063b2

https://github.com/OpenSC/OpenSC/issues/2792#issuecomment-1674806651

https://github.com/OpenSC/OpenSC/releases/tag/0.24.0-rc1

https://github.com/OpenSC/OpenSC/wiki/OpenSC-security-advisories

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.