VDB
DEBIAN-CVE-2023-40661
DEBIAN-CVE-2023-40661
PUBLISHED
CVSS 6.400000095367432 MEDIUM
Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage of these flaws, an attacker must have physical access to the computer system and employ a custom-crafted USB device or smart card to manipulate responses to APDUs. This manipulation can potentially allow compromise key generation, certificate loading, and other card management operations during enrollment.
Risk Scores
CVSS v3.1
6.400000095367432
CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | opensc | 0, 0, 0 |
| Debian:14 | opensc | 0, 0, 0 |
| Debian:12 | opensc | 0, 0.23.0-0.3, 0 |
| Debian:11 | opensc | 0, 0.21.0-1, 0 |
Timeline
- Nov 6, 2023 CVE Published
- Apr 28, 2026 CVE Updated