{"id":"CVE-2023-4535","details":"An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows the attacker to manipulate APDU responses and potentially gain unauthorized access to sensitive data, compromising the system's security.","modified":"2026-04-12T04:43:52.538806Z","published":"2023-11-06T17:15:12.083Z","related":["ALSA-2023:7879","openSUSE-SU-2024:13314-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLYEFIBBA37TK3UNMZN5NOJ7IWCIXLQP/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CPQOMCDWFRBMEFR5VK4N5MMXXU42ODE/"},{"type":"ADVISORY","url":"https://github.com/OpenSC/OpenSC/wiki/OpenSC-security-advisories"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2023:7879"},{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2023-4535"},{"type":"ADVISORY","url":"https://github.com/OpenSC/OpenSC/releases/tag/0.24.0-rc1"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2240914"},{"type":"FIX","url":"https://github.com/OpenSC/OpenSC/issues/2792#issuecomment-1674806651"},{"type":"FIX","url":"https://github.com/OpenSC/OpenSC/commit/f1993dc4e0b33050b8f72a3558ee88b24c4063b2"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/opensc/opensc","events":[{"introduced":"0"},{"last_affected":"5497519ea6b4af596628f8f8f2f904bacaa3148f"},{"introduced":"0"},{"last_affected":"a3b5f8d0ae10c8db8f9ee1a9c5ea481dd01ded9f"},{"introduced":"0"},{"last_affected":"f8ad86cd7df9ddeee1fbd528225d99344a1c431d"},{"fixed":"f1993dc4e0b33050b8f72a3558ee88b24c4063b2"},{"fixed":"97121587579e703fe653160f3a2936661d1db2ad"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.23.0-NA"},{"introduced":"0"},{"last_affected":"0.23.0-rc1"},{"introduced":"0"},{"last_affected":"0.23.0-rc2"}]}}],"versions":["0.12.2","0.12.2-rc1","0.13.0","0.13.0pre1","0.13.0rc1","0.14.0","0.14.0rc2","0.14.0rtm","0.15.0","0.16.0","0.17.0","0.17.0-rc1","0.17.0-rc2","0.18.0","0.18.0-rc1","0.18.0-rc2","0.19.0","0.19.0-rc1","0.20.0","0.20.0-rc1","0.20.0-rc2","0.20.0-rc3","0.20.0-rc4","0.21.0","0.21.0-rc1","0.21.0-rc2","0.22.0","0.22.0-rc1","0.22.0-rc2","0.23.0","0.23.0-rc1","0.23.0-rc2","v0.12.2","v0.16.0-pre1"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"38"}]},{"events":[{"introduced":"0"},{"last_affected":"39"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-4535.json","vanir_signatures":[{"target":{"file":"src/libopensc/card-myeid.c"},"signature_version":"v1","source":"https://github.com/opensc/opensc/commit/f1993dc4e0b33050b8f72a3558ee88b24c4063b2","digest":{"line_hashes":["152542717135334218443889697606128315288","296047678543260417019236930328633218336","180839882553161829417192299166690785606","177003064632393411628735226073418469645","63572039278225233062514022002267837018","50210188395128373171813607616336170554","253410811626775743200720695910653476468","84683505816664426062331975847080569803","117321524271096141511486298431669699340","308101261742640739054787516047978766371","110196384570917267734850129568450163726","100228438357547854724695792188021159109","124515532821682404390025202154034169682","189811264767265632643640001083953991077"],"threshold":0.9},"signature_type":"Line","deprecated":false,"id":"CVE-2023-4535-03425f31"},{"target":{"file":"src/libopensc/card-myeid.c","function":"myeid_enc_dec_sym"},"signature_version":"v1","source":"https://github.com/opensc/opensc/commit/f1993dc4e0b33050b8f72a3558ee88b24c4063b2","digest":{"length":4543,"function_hash":"246676491618527353254962229597535780088"},"signature_type":"Function","deprecated":false,"id":"CVE-2023-4535-4474a0fd"}],"vanir_signatures_modified":"2026-04-12T04:43:52Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"}]}