ByteOS Network

NVD Vulnerability Details :

CVE-2023-40661

Modified

Source-secalert@redhat.com

Published At-06 Nov, 2023 | 17:15

Updated At-03 Nov, 2025 | 22:16

Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage of these flaws, an attacker must have physical access to the computer system and employ a custom-crafted USB device or smart card to manipulate responses to APDUs. This manipulation can potentially allow compromise key generation, certificate loading, and other card management operations during enrollment.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	5.4	MEDIUM	CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
Primary	3.1	6.4	MEDIUM	CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 5.4

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

Type: Primary

Version: 3.1

Base score: 6.4

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CPE Matches

opensc_project>>opensc>>Versions up to 0.23.0(inclusive)

cpe:2.3:a:opensc_project:opensc:*:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux>>8.0

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux>>9.0

cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-119	Secondary	secalert@redhat.com
CWE-119	Primary	nvd@nist.gov

CWE ID: CWE-119

Type: Secondary

Source: secalert@redhat.com

CWE ID: CWE-119

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://access.redhat.com/errata/RHSA-2023:7876	secalert@redhat.com	N/A
https://access.redhat.com/errata/RHSA-2023:7879	secalert@redhat.com	N/A
https://access.redhat.com/security/cve/CVE-2023-40661	secalert@redhat.com	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2240913	secalert@redhat.com	Issue Tracking
https://github.com/OpenSC/OpenSC/issues/2792#issuecomment-1674806651	secalert@redhat.com	VDB Entry
https://github.com/OpenSC/OpenSC/releases/tag/0.24.0-rc1	secalert@redhat.com	Release Notes
https://github.com/OpenSC/OpenSC/wiki/OpenSC-security-advisories	secalert@redhat.com	Vendor Advisory
http://www.openwall.com/lists/oss-security/2023/12/13/3	af854a3a-2127-422b-91ae-364da2661108	N/A
https://access.redhat.com/errata/RHSA-2023:7876	af854a3a-2127-422b-91ae-364da2661108	N/A
https://access.redhat.com/errata/RHSA-2023:7879	af854a3a-2127-422b-91ae-364da2661108	N/A
https://access.redhat.com/security/cve/CVE-2023-40661	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2240913	af854a3a-2127-422b-91ae-364da2661108	Issue Tracking
https://github.com/OpenSC/OpenSC/issues/2792#issuecomment-1674806651	af854a3a-2127-422b-91ae-364da2661108	VDB Entry
https://github.com/OpenSC/OpenSC/releases/tag/0.24.0-rc1	af854a3a-2127-422b-91ae-364da2661108	Release Notes
https://github.com/OpenSC/OpenSC/wiki/OpenSC-security-advisories	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
https://lists.debian.org/debian-lts-announce/2023/11/msg00024.html	af854a3a-2127-422b-91ae-364da2661108	N/A
https://lists.debian.org/debian-lts-announce/2024/12/msg00026.html	af854a3a-2127-422b-91ae-364da2661108	N/A
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CPQOMCDWFRBMEFR5VK4N5MMXXU42ODE/	af854a3a-2127-422b-91ae-364da2661108	N/A
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLYEFIBBA37TK3UNMZN5NOJ7IWCIXLQP/	af854a3a-2127-422b-91ae-364da2661108	N/A