VDB
CVE-2008-3972
CVE-2008-3972
PUBLISHED
CVSS 6.599999904632568 MEDIUM
pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to a smart card unless the card's label matches the "OpenSC" string, which might allow physically proximate attackers to exploit vulnerabilities that the card owner expected were patched, as demonstrated by exploitation of CVE-2008-2235.
EPSS 0.11% · 29.2th percentile
Risk Scores
CVSS v2.0
6.599999904632568
EPSS Score
0.11%
29.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | * |
| opensc-project | opensc | 0.4.0, 0.6.0, 0.6.1 |
Timeline
- Sep 10, 2008 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 17, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 1, 2023 EPSS Score
- May 24, 2023 EPSS Score
References
- opensc-pkcs15tool-weak-security(45045) vdb
- 34362 third-party-advisory
- FEDORA-2009-2267 vendor-advisory
- [oss-security] 20080909 Re: opensc 0.11.6 with fixed security update mailing-list
- [opensc-announce] 20080827 opensc 0.11.6 with fixed security update mailing-list
- 32099 third-party-advisory
- SUSE-SR:2008:019 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2008-3972 advisory