CVE-2023-40661

CVSS V2 None CVSS V3 None
Description
Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage of these flaws, an attacker must have physical access to the computer system and employ a custom-crafted USB device or smart card to manipulate responses to APDUs. This manipulation can potentially allow compromise key generation, certificate loading, and other card management operations during enrollment.
Overview
  • CVE ID
  • CVE-2023-40661
  • Assigner
  • redhat
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2023-11-06T16:58:43.029Z
  • Last Modified Date
  • 2024-05-01T20:21:02.210Z
History
Created Old Value New Value Data Type Notes
2024-06-25 02:21:54 Added to TrackCVE