Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

Vulnerability Intelligence

Customers

CVE-2023-5992 | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceCVE-2023-5992

CVE-2023-5992

MEDIUM5.6

Opensc: side-channel leaks while stripping encryption pkcs#1 padding

Published Jan 31, 2024

Modified 4 months ago

Details

A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data.

References

ADVISORY

https://access.redhat.com/errata/RHSA-2024:0966

ADVISORY

https://access.redhat.com/errata/RHSA-2024:0967

WEB

https://access.redhat.com/security/cve/CVE-2023-5992

WEB

https://bugzilla.redhat.com/show_bug.cgi?id=2248685

WEB

https://github.com/OpenSC/OpenSC/wiki/CVE-2023-5992

WEB

https://lists.debian.org/debian-lts-announce/2024/12/msg00026.html

WEB

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OWIZ5ZLO5ECYPLSTESCF7I7PQO5X6ZSU/

WEB

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJI2FWLY24EOPALQ43YPQEZMEP3APPPI/

WEB

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UECKC7X4IM4YZQ5KRQMNBNKNOXLZC7RZ/

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2023-5992

WEB

https://www.usenix.org/system/files/usenixsecurity24-shagam.pdf

CVSS Analysis

CVSS v3.1

5.6

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

HighAC:H

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

LowC:L

Integrity

LowI:L

Availability

LowA:L

5.6/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Weakness Type (CWE)

Other

CWE-203

Ecosystems

Timeline

PublishedJan 31, 2024

ModifiedNov 6, 2025