CVE-2023-5992

Summary

A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data.

Affected Software

VendorProductVersion RangeStatus
Red HatRed Hat Enterprise Linux 80:0.20.0-8.el8_9 < *unaffected
Red HatRed Hat Enterprise Linux 90:0.23.0-4.el9_3 < *unaffected

Weaknesses

  • CWE-203: Observable Discrepancy

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References