DEBIAN-CVE-2008-3972

DEBIAN-CVE-2008-3972 PUBLISHED

pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to a smart card unless the card's label matches the "OpenSC" string, which might allow physically proximate attackers to exploit vulnerabilities that the card owner expected were patched, as demonstrated by exploitation of CVE-2008-2235.

Affected Products

Vendor	Product	Versions
Debian:13	opensc	0, 0, 0
Debian:12	opensc	0, 0, 0
Debian:14	opensc	0, 0, 0
Debian:11	opensc	0, 0, 0

Timeline

Sep 11, 2008 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2008-3972 advisory

Open in Interactive Console →