← Back

CVE-2008-3972

nvd nist
Published: Sep 11, 2008Modified: Apr 23, 2026

JSON object

Loading...
6.6
Vector
AV:L/AC:L/Au:N/C:N/I:C/A:C
Exploitability: 3.9 / Impact: 9.2
Source: NVD

Description

pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to a smart card unless the card's label matches the "OpenSC" string, which might allow physically proximate attackers to exploit vulnerabilities that the card owner expected were patched, as demonstrated by exploitation of CVE-2008-2235.

Affected (21)

Opensc Project
1 product
Opensc
Configuration A
21 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Opensc Project
Opensc
Up to 0.11.5
Opensc
Version 0.10.0
Opensc
Version 0.10.1
Opensc
Version 0.11.0
Opensc
Version 0.11.1
Opensc
Version 0.11.2
Opensc
Version 0.11.3
Opensc
Version 0.11.3 pre3
Opensc
Version 0.11.4
Opensc
Version 0.4.0
Opensc
Version 0.5.0
Opensc
Version 0.6.0
Opensc
Version 0.6.1
Opensc
Version 0.7.0
Opensc
Version 0.8.0
Opensc
Version 0.8.1
Opensc
Version 0.9.2
Opensc
Version 0.9.3
Opensc
Version 0.9.4
Opensc
Version 0.9.5
Opensc
Version 0.9.6
Running on/withPlatform Versions
Siemens
Cardos
Version m4

Related CWEs

CWE-264
CWE-264

References (14)

Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.