CVE-2023-5992: A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the…

medium5.9CVSS 3.1

AVNACHPRNUINSUCHINAN

A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data.

Affected

35 ranges· showing 25

Vendor	Product	Version range	Fixed in
debian	opensc	< opensc 0.23.0-0.3+deb12u2 (bookworm)	opensc 0.23.0-0.3+deb12u2 (bookworm)
msrc	azl3_opensc_0.23.0-1_on_azure_linux_3.0	—	—
msrc	azl3_opensc_0.25.1-3_on_azure_linux_3.0	—	—
msrc	cbl2_opensc_0.23.0-3_on_cbl_mariner_2.0	—	—
msrc	cbl2_opensc_0.23.0-4_on_cbl_mariner_2.0	—	—
opensc_project	opensc	< 0.25.0	0.25.0
opensc_project	opensc	>= 0 < 0.21.0-1+deb11u1	0.21.0-1+deb11u1
opensc_project	opensc	>= 0 < 0.23.0-0.3+deb12u2	0.23.0-0.3+deb12u2
opensc_project	opensc	>= 0 < 0.25.0~rc1-1	0.25.0~rc1-1
opensc_project	opensc	>= 0 < 0.25.0~rc1-1	0.25.0~rc1-1
opensc_project	opensc	>= 0 < 0.15.0-1ubuntu1+esm3	0.15.0-1ubuntu1+esm3
opensc_project	opensc	>= 0 < 0.15.0-1ubuntu1+esm2	0.15.0-1ubuntu1+esm2
opensc_project	opensc	>= 0 < 0.17.0-3ubuntu0.1~esm3	0.17.0-3ubuntu0.1~esm3
opensc_project	opensc	>= 0 < 0.17.0-3ubuntu0.1~esm2	0.17.0-3ubuntu0.1~esm2
opensc_project	opensc	>= 0 < 0.20.0-3ubuntu0.1~esm3	0.20.0-3ubuntu0.1~esm3
opensc_project	opensc	>= 0 < 0.20.0-3ubuntu0.1~esm4	0.20.0-3ubuntu0.1~esm4
opensc_project	opensc	>= 0 < 0.20.0-3ubuntu0.1~esm2	0.20.0-3ubuntu0.1~esm2
opensc_project	opensc	>= 0 < 0.22.0-1ubuntu2+esm1	0.22.0-1ubuntu2+esm1
opensc_project	opensc	>= 0 < 0.25.0~rc1-1ubuntu0.1~esm1	0.25.0~rc1-1ubuntu0.1~esm1
paloalto	pan-os	—	—
redhat	enterprise_linux	—	—
redhat	enterprise_linux	—	—
redhat	enterprise_linux	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_for_arm_64	—	—

CVSS provenance

nvdv3.15.9MEDIUMCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

osv5.9MEDIUM