CVE-2023-40661

MEDIUM 5.4

Opensc: multiple memory issues with pkcs15-init (enrollment tool)

CVSS Score

5.4

EPSS Score

0.0%

EPSS Percentile

0th

Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage of these flaws, an attacker must have physical access to the computer system and employ a custom-crafted USB device or smart card to manipulate responses to APDUs. This manipulation can potentially allow compromise key generation, certificate loading, and other card management operations during enrollment.

CWE	CWE-119
Published	Nov 6, 2023
Last Updated	Nov 6, 2025

Stay Ahead of the Next One

Get instant alerts for

Be the first to know when new medium vulnerabilities are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

Attack Vector

Physical

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

High

Affected Versions

Red Hat / Red Hat Enterprise Linux 8

All versions affected

Red Hat / Red Hat Enterprise Linux 9

All versions affected

Red Hat / Red Hat Enterprise Linux 7

All versions affected

References

NVD ↗ CVE.org ↗ EPSS Data ↗

access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7876 access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7879 access.redhat.com: https://access.redhat.com/security/cve/CVE-2023-40661 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2240913 github.com: https://github.com/OpenSC/OpenSC/issues/2792#issuecomment-1674806651 github.com: https://github.com/OpenSC/OpenSC/releases/tag/0.24.0-rc1 github.com: https://github.com/OpenSC/OpenSC/wiki/OpenSC-security-advisories openwall.com: http://www.openwall.com/lists/oss-security/2023/12/13/3 lists.debian.org: https://lists.debian.org/debian-lts-announce/2023/11/msg00024.html lists.fedoraproject.org: https://lists.fedoraproject.org/archives/list/[email protected]/message/3CPQOMCDWFRBMEFR5VK4N5MMXXU42ODE/ lists.fedoraproject.org: https://lists.fedoraproject.org/archives/list/[email protected]/message/GLYEFIBBA37TK3UNMZN5NOJ7IWCIXLQP/ lists.debian.org: https://lists.debian.org/debian-lts-announce/2024/12/msg00026.html