How severe is CVE-2023-2977?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.1 out of 10.

What type of vulnerability is CVE-2023-2977?

This is classified as CWE-119, which is a common weakness in software security.

CVE-2023-2977 - HIGH Severity | CVSS 7.1

Vulnerability Description

A vulnerbility was found in OpenSC. This security flaw cause a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The attacker can supply a smart card package with malformed ASN1 context. The cardos_have_verifyrc_package function scans the ASN1 buffer for 2 tags, where remaining length is wrongly caculated due to moved starting pointer. This leads to possible heap-based buffer oob read. In cases where ASAN is enabled while compiling this causes a crash. Further info leak or more damage is possible.

Related Vulnerabilities

CVE-2015-5261

HIGH

CVSS:7.1(High)

Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation.

CWE-1192015

CVE-2016-4743

HIGH

CVSS:7.1(High)

An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves th...

CWE-1192016

CVE-2016-4998

HIGH

CVSS:7.1(High)

The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6 allows local users to cause a denial of service (out-of-bounds read) or possibly obtain sensi...

CWE-1192016

CVE-2017-1105

HIGH

CVSS:7.1(High)

IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a buffer overflow that could allow a local user to overwrite DB2 files or cause a denial of...

CWE-1192017

CVE-2017-13820

HIGH

CVSS:7.1(High)

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "ATS" component. It allows remote attackers to obtain sensitive information from process mem...

CWE-1192017

CVE-2017-13850

HIGH

CVSS:7.1(High)

An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Font Importer" component. It allows remote attackers to cause a denial of service (memory c...

CWE-1192017