CVE-2023-5992Observable Discrepancy in Project Opensc

CWE-203Observable DiscrepancyCWE-200Sensitive Information Exposure8 documents8 sources
Severity
5.9MEDIUMNVD
CNA5.6
EPSS
0.3%
top 50.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
11
Opensc Project OpenscRedhat Enterprise LinuxRedhat Enterprise Linux EUS+8 more
Timeline
PublishedJan 31
Latest updateMar 12

Description

A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

NVDopensc_project/opensc< 0.25.0
Debianopensc_project/opensc< 0.21.0-1+deb11u1+3

Also affects: Enterprise Linux 7.0, 8.0, 9.0, 9.4, 9.2

🔴Vulnerability Details

3
OSV
CVE-2023-5992: A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant2024-01-31
GHSA
GHSA-554m-v42f-hcq9: A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant2024-01-31
CVEList
Opensc: side-channel leaks while stripping encryption pkcs#1 padding2024-01-31

📋Vendor Advisories

4
Ubuntu
OpenSC vulnerabilities2025-03-12
Microsoft
Opensc: side-channel leaks while stripping encryption pkcs#1 padding2024-01-09
Red Hat
OpenSC: Side-channel leaks while stripping encryption PKCS#1 padding2023-11-28
Debian
CVE-2023-5992: opensc - A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is n...2023
CVE-2023-5992 — Observable Discrepancy | cvebase