CVE-2023-40661
CVSS V2 None
CVSS V3 None
Description
Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage of these flaws, an attacker must have physical access to the computer system and employ a custom-crafted USB device or smart card to manipulate responses to APDUs. This manipulation can potentially allow
compromise key generation, certificate loading, and other card management operations during enrollment.
Overview
- CVE ID
- CVE-2023-40661
- Assigner
- redhat
- Vulnerability Status
- PUBLISHED
- Published Version
- 2023-11-06T16:58:43.029Z
- Last Modified Date
- 2024-05-01T20:21:02.210Z
Weakness Enumerations
References
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-40661 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40661 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-06-25 02:21:54 | Added to TrackCVE |