Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage of these flaws, an attacker must have physical access to the computer system and employ a custom-crafted USB device or smart card to manipulate responses to APDUs. This manipulation can potentially allow compromise key generation, certificate loading, and other card management operations during enrollment.
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2023-11-06T16:58:43.029Z

Updated: 2024-11-23T03:33:10.705Z

Reserved: 2023-08-18T08:08:53.353Z

Link: CVE-2023-40661

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-11-06T17:15:11.830

Modified: 2024-11-21T08:19:55.537

Link: CVE-2023-40661

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-09-25T00:00:00Z

Links: CVE-2023-40661 - Bugzilla