PT-2024-14854 · Opensc+10 · Opensc+10

Eyal Ronen

Published

2023-11-28

Updated

2025-09-05

CVE-2023-5992

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions OpenSC (affected versions not specified)

Description A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant, potentially resulting in the leak of private data.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Side Channel Attack

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-203

Related Identifiers

ALSA-2024:0966

ALSA-2024:0967

ALSA-2024_0966

ALSA-2024_0967

ALT-PU-2024-14487

ALT-PU-2024-7018

ALT-PU-2025-1282

AZL-34088

AZL-35077

BDU:2025-07729

CESA-2024_0967

CVE-2023-5992

DLA-4004-1

INFSA-2024_0966

MGASA-2024-0101

OPENSUSE-SU-2024:13765-1

OPENSUSE-SU-2024_1402-1

RHSA-2024:0966

RHSA-2024:0967

RHSA-2024_0966

RHSA-2024_0967

SUSE-SU-2024:1402-1

SUSE-SU-2024:1402-2

SUSE-SU-2024:1625-1

SUSE-SU-2024:1773-1

SUSE-SU-2024_1402-1

SUSE-SU-2024_1625-1

SUSE-SU-2025:02754-1

SUSE-SU-2025:20530-1

SUSE-SU-2025:20671-1

SUSE-SU-2025_02754-1

USN-7346-1

USN-7346-2

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Linuxmint

Opensc

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

PT-2024-14854 · Opensc+10 · Opensc+10

CVE-2023-5992

Weakness Enumeration

Related Identifiers

Affected Products

References · 97