Alpine: multiple opensc packages: security update to 0.25.1-r0

medium Tenable Self-Hosted Container Security Plugin ID 426639

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-
channel resistant. This issue may result in the potential leak of private data. (CVE-2023-5992)

- The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the
card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An
attacker must have physical access to the computer system and requires a crafted USB device or smart card
to present the system with specially crafted responses to the APDUs, which are considered high complexity
and low severity. This manipulation can allow for compromised card management operations during enrolment.
(CVE-2024-1454)

See Also

https://security.alpinelinux.org/vuln/CVE-2023-5992

https://security.alpinelinux.org/vuln/CVE-2024-1454

Plugin Details

Severity: Medium

ID: 426639

Version: Revision 1.8

Type: Local

Published: 5/16/2025

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 5

Percentile: 94.66

CVSS v2

Risk Factor: Medium

Base Score: 5.4

Temporal Score: 4.2

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:N/A:N

CVSS Score Source: CVE-2023-5992

CVSS v3

Risk Factor: Medium

Base Score: 5.9

Temporal Score: 5.3

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 11/30/2023

Reference Information

CVE: CVE-2023-5992, CVE-2024-1454