CVE-2023-5992

moderate-risk

Published 2024-01-31

A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data.

Do I need to act?

0.26% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.6/10 Medium

NETWORK / HIGH complexity

Affected Products (16)

Opensc

Enterprise Linux

Enterprise Linux Eus

Enterprise Linux For Arm 64

Enterprise Linux For Arm 64 Eus

Enterprise Linux For Ibm Z Systems

Enterprise Linux For Ibm Z Systems Eus

Enterprise Linux For Power Little Endian

Enterprise Linux For Power Little Endian Eus

Enterprise Linux Server Aus

Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions

Affected Vendors

Redhat Opensc Project

References (15)

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:0966

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:0967

Third Party Advisory https://access.redhat.com/security/cve/CVE-2023-5992

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=2248685

Vendor Advisory https://github.com/OpenSC/OpenSC/wiki/CVE-2023-5992

Exploit https://www.usenix.org/system/files/usenixsecurity24-shagam.pdf

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:0966

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:0967

Third Party Advisory https://access.redhat.com/security/cve/CVE-2023-5992

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=2248685

Vendor Advisory https://github.com/OpenSC/OpenSC/wiki/CVE-2023-5992

https://lists.debian.org/debian-lts-announce/2024/12/msg00026.html

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproje...

/ 100

moderate-risk

Severity 18/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 18/34 · Moderate