CVE-2008-3972
EPSS 0.11%
Description
pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to a smart card unless the card's label matches the "OpenSC" string, which might allow physically proximate attackers to exploit vulnerabilities that the card owner expected were patched, as demonstrated by exploitation of CVE-2008-2235.
How to fix CVE-2008-3972
To remediate CVE-2008-3972, upgrade the affected package to a fixed version listed below.
- Debian/opensc: upgrade to 0.11.4-5 or later
Is CVE-2008-3972 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Debian/opensc: from 0, < 0.11.4-5