CVE-2008-3972 — Opensc vulnerability

6 documents, 6 sources
Severity
6.6 MEDIUM (NVD)
CNA 4.9 | OSV 4.9
EPSS
0.1%
top 70.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Sep 11
Latest update: May 2

Description

pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to a smart card unless the card's label matches the "OpenSC" string, which might allow physically proximate attackers to exploit vulnerabilities that the card owner expected were patched, as demonstrated by exploitation of CVE-2008-2235.

CVSS vector

AV:L/AC:L/C:N/I:C/A:C
Exploitability: 3.9 | Impact: 9.2

Affected Packages (2 packages)

Debian: opensc_project/opensc < 0.11.4-5+3
NVD: opensc-project/opensc 0.11.5+19

🔴Vulnerability Details

3
GHSA
GHSA-445p-3crg-24jx: pkcs15-tool in OpenSC before 0 (2022-05-02)
OSV
CVE-2008-3972: pkcs15-tool in OpenSC before 0 (2008-09-11)
CVEList
CVE-2008-3972: pkcs15-tool in OpenSC before 0 (2008-09-10)

📋Vendor Advisories

1
Debian
CVE-2008-3972: opensc - pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to a smart c... (2008)

💬Community

1
Bugzilla
CVE-2008-2235, CVE-2008-3972 opensc: incorrect initialization of Siemens CardOS M4 smart cards (2008-07-31)
CVE-2008-3972 — Opensc-project Opensc vulnerability | cvebase