CVE-2023-5992

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-5992
A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data.

5.6 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://access.redhat.com/errata/RHSA-2024:0966 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0967 Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-5992 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2248685 Issue Tracking
https://github.com/OpenSC/OpenSC/wiki/CVE-2023-5992 Vendor Advisory
https://www.usenix.org/system/files/usenixsecurity24-shagam.pdf Exploit Technical Description
https://access.redhat.com/errata/RHSA-2024:0966 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0967 Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-5992 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2248685 Issue Tracking
https://github.com/OpenSC/OpenSC/wiki/CVE-2023-5992 Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OWIZ5ZLO5ECYPLSTESCF7I7PQO5X6ZSU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJI2FWLY24EOPALQ43YPQEZMEP3APPPI/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UECKC7X4IM4YZQ5KRQMNBNKNOXLZC7RZ/
Configurations

Configuration 1 (hide)

cpe:2.3:a:opensc_project:opensc:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.4_ppc64le:*:*:*:*:*:*:*
History

21 Nov 2024, 08:42

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 5.9 		v2 : unknown
v3 : 5.6
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OWIZ5ZLO5ECYPLSTESCF7I7PQO5X6ZSU/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJI2FWLY24EOPALQ43YPQEZMEP3APPPI/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UECKC7X4IM4YZQ5KRQMNBNKNOXLZC7RZ/ -
References () https://access.redhat.com/errata/RHSA-2024:0966 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2024:0966 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:0967 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2024:0967 - Third Party Advisory
References () https://access.redhat.com/security/cve/CVE-2023-5992 - Third Party Advisory () https://access.redhat.com/security/cve/CVE-2023-5992 - Third Party Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2248685 - Issue Tracking () https://bugzilla.redhat.com/show_bug.cgi?id=2248685 - Issue Tracking
References () https://github.com/OpenSC/OpenSC/wiki/CVE-2023-5992 - Vendor Advisory () https://github.com/OpenSC/OpenSC/wiki/CVE-2023-5992 - Vendor Advisory

09 Oct 2024, 15:07

Type Values Removed Values Added
References () https://access.redhat.com/errata/RHSA-2024:0966 - () https://access.redhat.com/errata/RHSA-2024:0966 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:0967 - () https://access.redhat.com/errata/RHSA-2024:0967 - Third Party Advisory
References () https://www.usenix.org/system/files/usenixsecurity24-shagam.pdf - () https://www.usenix.org/system/files/usenixsecurity24-shagam.pdf - Exploit, Technical Description
First Time Redhat enterprise Linux For Arm 64 Eus
Redhat enterprise Linux For Ibm Z Systems Eus
Redhat enterprise Linux For Arm 64
Redhat enterprise Linux For Power Little Endian Eus
Redhat enterprise Linux For Ibm Z Systems
Redhat enterprise Linux Server Aus
Redhat enterprise Linux Server For Power Little Endian Update Services For Sap Solutions
Redhat enterprise Linux Eus
Redhat enterprise Linux For Power Little Endian
CPE cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.4_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*

03 Sep 2024, 17:15

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OWIZ5ZLO5ECYPLSTESCF7I7PQO5X6ZSU/', 'source': 'secalert@redhat.com'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJI2FWLY24EOPALQ43YPQEZMEP3APPPI/', 'source': 'secalert@redhat.com'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UECKC7X4IM4YZQ5KRQMNBNKNOXLZC7RZ/', 'source': 'secalert@redhat.com'}
  • () https://www.usenix.org/system/files/usenixsecurity24-shagam.pdf -

23 Mar 2024, 03:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UECKC7X4IM4YZQ5KRQMNBNKNOXLZC7RZ/ -

16 Mar 2024, 03:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OWIZ5ZLO5ECYPLSTESCF7I7PQO5X6ZSU/ -

16 Mar 2024, 02:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJI2FWLY24EOPALQ43YPQEZMEP3APPPI/ -

26 Feb 2024, 16:27

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:0966 -
  • () https://access.redhat.com/errata/RHSA-2024:0967 -

14 Feb 2024, 14:16

Type Values Removed Values Added
CWE CWE-200

09 Feb 2024, 01:00

Type Values Removed Values Added
References () https://access.redhat.com/security/cve/CVE-2023-5992 - () https://access.redhat.com/security/cve/CVE-2023-5992 - Third Party Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2248685 - () https://bugzilla.redhat.com/show_bug.cgi?id=2248685 - Issue Tracking
References () https://github.com/OpenSC/OpenSC/wiki/CVE-2023-5992 - () https://github.com/OpenSC/OpenSC/wiki/CVE-2023-5992 - Vendor Advisory
First Time Opensc Project opensc
Opensc Project
Redhat enterprise Linux
Redhat
CVSS v2 : unknown
v3 : 5.6 		v2 : unknown
v3 : 5.9
CPE cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:a:opensc_project:opensc:*:*:*:*:*:*:*:*
CWE CWE-203

31 Jan 2024, 14:28

Type Values Removed Values Added
New CVE
Information

Published : 2024-01-31 14:15

Updated : 2024-11-21 08:42

NVD link : CVE-2023-5992

Mitre link : CVE-2023-5992

CVE.ORG link : CVE-2023-5992

JSON object : View

Products Affected

redhat

  • enterprise_linux
  • enterprise_linux_for_ibm_z_systems
  • enterprise_linux_for_power_little_endian
  • enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
  • enterprise_linux_for_arm_64_eus
  • enterprise_linux_server_aus
  • enterprise_linux_eus
  • enterprise_linux_for_ibm_z_systems_eus
  • enterprise_linux_for_power_little_endian_eus
  • enterprise_linux_for_arm_64

opensc_project

  • opensc
CWE
CWE-203

Observable Discrepancy