{"api_version":"1","generated_at":"2026-04-23T06:20:17+00:00","cve":"CVE-2023-4535","urls":{"html":"https://cve.report/CVE-2023-4535","api":"https://cve.report/api/cve/CVE-2023-4535.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-4535","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-4535"},"summary":{"title":"CVE-2023-4535","description":"An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows the attacker to manipulate APDU responses and potentially gain unauthorized access to sensitive data, compromising the system's security.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2023-11-06 17:15:00","updated_at":"2023-11-14 17:11:00"},"problem_types":["CWE-125"],"metrics":[],"references":[{"url":"https://github.com/OpenSC/OpenSC/commit/f1993dc4e0b33050b8f72a3558ee88b24c4063b2","name":"https://github.com/OpenSC/OpenSC/commit/f1993dc4e0b33050b8f72a3558ee88b24c4063b2","refsource":"MISC","tags":[],"title":"myeid: fixed CID 380538  Out-of-bounds read (OVERRUN) · OpenSC/OpenSC@f1993dc · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2240914","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2240914","refsource":"MISC","tags":[],"title":"2240914 – (CVE-2023-4535) CVE-2023-4535 OpenSC: out-of-bounds read in MyEID driver handling encryption using symmetric keys","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/OpenSC/OpenSC/wiki/OpenSC-security-advisories","name":"https://github.com/OpenSC/OpenSC/wiki/OpenSC-security-advisories","refsource":"MISC","tags":[],"title":"OpenSC security advisories · OpenSC/OpenSC Wiki · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/OpenSC/OpenSC/releases/tag/0.24.0-rc1","name":"https://github.com/OpenSC/OpenSC/releases/tag/0.24.0-rc1","refsource":"MISC","tags":[],"title":"Release 0.24.0-rc1 · OpenSC/OpenSC · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/OpenSC/OpenSC/issues/2792#issuecomment-1674806651","name":"https://github.com/OpenSC/OpenSC/issues/2792#issuecomment-1674806651","refsource":"MISC","tags":[],"title":"New release 0.24.0 · Issue #2792 · OpenSC/OpenSC · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://access.redhat.com/security/cve/CVE-2023-4535","name":"https://access.redhat.com/security/cve/CVE-2023-4535","refsource":"MISC","tags":[],"title":"cve-details","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-4535","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4535","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"4535","vulnerable":"1","versionEndIncluding":"0.23.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"opensc_project","cpe5":"opensc","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4535","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-4535","qid":"161246","title":"Oracle Enterprise Linux Security Update for opensc (ELSA-2023-7879)"},{"cve":"CVE-2023-4535","qid":"242627","title":"Red Hat Update for opensc (RHSA-2023:7879)"},{"cve":"CVE-2023-4535","qid":"284825","title":"Fedora Security Update for opensc (FEDORA-2023-c7e4c9af51)"},{"cve":"CVE-2023-4535","qid":"285094","title":"Fedora Security Update for opensc (FEDORA-2023-a854153d7a)"},{"cve":"CVE-2023-4535","qid":"356637","title":"Amazon Linux Security Advisory for opensc : ALAS2023-2023-417"},{"cve":"CVE-2023-4535","qid":"506145","title":"Alpine Linux Security Update for opensc"},{"cve":"CVE-2023-4535","qid":"907691","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for opensc (31945-1)"},{"cve":"CVE-2023-4535","qid":"941511","title":"AlmaLinux Security Update for opensc (ALSA-2023:7879)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-4535","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows the attacker to manipulate APDU responses and potentially gain unauthorized access to sensitive data, compromising the system's security."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Out-of-bounds Read","cweId":"CWE-125"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"OpenSC","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"versions":[{"version":"0.24.0-rc1","status":"unaffected"}]}}]}}]}},{"vendor_name":"Red Hat","product":{"product_data":[{"product_name":"Red Hat Enterprise Linux 7","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"unaffected"}}]}},{"product_name":"Red Hat Enterprise Linux 8","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"unaffected"}}]}},{"product_name":"Red Hat Enterprise Linux 9","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"affected"}}]}}]}},{"vendor_name":"Fedora","product":{"product_data":[{"product_name":"Fedora","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"affected"}}]}}]}}]}},"references":{"reference_data":[{"url":"https://access.redhat.com/security/cve/CVE-2023-4535","refsource":"MISC","name":"https://access.redhat.com/security/cve/CVE-2023-4535"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2240914","refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2240914"},{"url":"https://github.com/OpenSC/OpenSC/commit/f1993dc4e0b33050b8f72a3558ee88b24c4063b2","refsource":"MISC","name":"https://github.com/OpenSC/OpenSC/commit/f1993dc4e0b33050b8f72a3558ee88b24c4063b2"},{"url":"https://github.com/OpenSC/OpenSC/issues/2792#issuecomment-1674806651","refsource":"MISC","name":"https://github.com/OpenSC/OpenSC/issues/2792#issuecomment-1674806651"},{"url":"https://github.com/OpenSC/OpenSC/releases/tag/0.24.0-rc1","refsource":"MISC","name":"https://github.com/OpenSC/OpenSC/releases/tag/0.24.0-rc1"},{"url":"https://github.com/OpenSC/OpenSC/wiki/OpenSC-security-advisories","refsource":"MISC","name":"https://github.com/OpenSC/OpenSC/wiki/OpenSC-security-advisories"}]},"impact":{"cvss":[{"attackComplexity":"HIGH","attackVector":"PHYSICAL","availabilityImpact":"LOW","baseScore":4.5,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L","version":"3.1"}]}},"nvd":{"publishedDate":"2023-11-06 17:15:00","lastModifiedDate":"2023-11-14 17:11:00","problem_types":["CWE-125"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L","attackVector":"PHYSICAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW","baseScore":3.8,"baseSeverity":"LOW"},"exploitabilityScore":0.4,"impactScore":3.4}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:opensc_project:opensc:*:*:*:*:*:*:*:*","versionStartIncluding":"0.17.0","versionEndIncluding":"0.23.0","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}