CVE-2023-5992

Name: CVE-2023-5992
Creator: NVD / NIST
Published: 2024-01-31T14:15:48.147+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 5.9/10EPSS 1.16%

Last modified Jun 17, 2026

CVE-2023-5992 is a medium-severity vulnerability rated 5.9/10 on the CVSS scale. A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data.. EPSS estimates a 1.16% chance of exploitation in the next 30 days.

Description

A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data.

Metrics

CVSS 3.1

5.9/10

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Probability

1.16%

63.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Opensc Project	Opensc	< 0.25.0
Redhat	Enterprise Linux	7.0
Redhat	Enterprise Linux	8.0
Redhat	Enterprise Linux	9.0
Redhat	Enterprise Linux Eus	9.4
Redhat	Enterprise Linux For Arm 64	8.0_aarch64
Redhat	Enterprise Linux For Arm 64	9.0_aarch64
Redhat	Enterprise Linux For Arm 64 Eus	9.4_aarch64
Redhat	Enterprise Linux For Ibm Z Systems	8.0_s390x
Redhat	Enterprise Linux For Ibm Z Systems	9.0_s390x
Redhat	Enterprise Linux For Ibm Z Systems Eus	9.4_s390x
Redhat	Enterprise Linux For Power Little Endian	9.0_ppc64le
Redhat	Enterprise Linux For Power Little Endian Eus	9.4_ppc64le
Redhat	Enterprise Linux Server Aus	9.4
Redhat	Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions	9.2
Redhat	Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions	9.4_ppc64le

References

https://access.redhat.com/errata/RHSA-2024:0966Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0967Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-5992Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2248685Issue Tracking
https://github.com/OpenSC/OpenSC/wiki/CVE-2023-5992Vendor Advisory
https://www.usenix.org/system/files/usenixsecurity24-shagam.pdfExploit, Technical Description
https://access.redhat.com/errata/RHSA-2024:0966Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0967Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-5992Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2248685Issue Tracking
https://github.com/OpenSC/OpenSC/wiki/CVE-2023-5992Vendor Advisory
https://lists.debian.org/debian-lts-announce/2024/12/msg00026.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OWIZ5ZLO5ECYPLSTESCF7I7PQO5X6ZSU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJI2FWLY24EOPALQ43YPQEZMEP3APPPI/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UECKC7X4IM4YZQ5KRQMNBNKNOXLZC7RZ/

Timeline

Published: Jan 31, 2024
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2023-5992?

A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data.

How severe is CVE-2023-5992?

CVE-2023-5992 has a CVSS score of 5.9/10 (MEDIUM severity). The EPSS model estimates a 1.16% probability of exploitation in the next 30 days.

How do I fix CVE-2023-5992?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-5992?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST