CVE-2023-4535: Out-of-bounds read in MyEID driver handling encryption using symmetric keys
This issue require physical access to the computer running opensc and crafted USB device or smart card that would present the system with specially crafted responses to the APDUs so they are considered a high-complexity and low-severity.
This issue is in the code handling symmetric keys, which are not widely used for example for desktop login so most of the deployments are not affected.
- CID 380538: Out-of-bounds read in MyEID handling of encryption using symmetric keys.
- Fixed with f1993dc4e0b33050b8f72a3558ee88b24c4063b2
Originally reported by Coverity
CVSS:3.0AV:P/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L (4.5)