CVE-2023-4535 MEDIUM

CVE-2023-4535: Opensc: out-of-bounds read in myeid driver handling encryption using symmetric keys

Vendor Red Hat

Product Red Hat Enterprise Linux 7

Weakness CWE-125

Published November 6, 2023

Last update November 21, 2025

View on NVD All CVEs

CVSS base score

4.5/10

Attack vector Physical

Attack complexity High

Privileges required None

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows the attacker to manipulate APDU responses and potentially gain unauthorized access to sensitive data, compromising the system's security.

Key dates

02Disclosure timeline

November 6, 2023 CVE published

November 21, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-4535 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/125.html

Related vulnerabilities

Identifiers

CVE CVE-2023-4535

CWE CWE-125

CVSS 4.5 / MEDIUM

Affected versions

Vendor Red Hat

Product Red Hat Enterprise Linux 7

Affected All versions

Vendor Red Hat

Product Red Hat Enterprise Linux 8

Affected All versions

CVE-2023-4535: Opensc: out-of-bounds read in myeid driver handling encryption using symmetric keys

01Description

02Disclosure timeline

03References

04Related CVE