QwikSec

Security Database

CVE

CWE

Training

CVE-2023-5992

Published: Jan 31, 2024

Modified: Nov 6, 2025

PUBLISHED

CVSS v3.1

5.6

MEDIUM

Description

A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data.

Vendor	Product	Versions
Red Hat	Red Hat Enterprise Linux 8	unaffected `0:0.20.0-8.el8_9 - < *`
Red Hat	Red Hat Enterprise Linux 9	unaffected `0:0.23.0-4.el9_3 - < *`
Red Hat	Red Hat Enterprise Linux 7	All versions

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

References

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

https://access.redhat.com/security/cve/CVE-2023-5992

vdb-entry

x_refsource_REDHAT

issue-tracking

x_refsource_REDHAT

https://github.com/OpenSC/OpenSC/wiki/CVE-2023-5992

https://www.usenix.org/system/files/usenixsecurity24-shagam.pdf

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.