CVE-2009-0368
opensc - information disclosure
EPSS 0.38%
Description
OpenSC before 0.11.7 allows physically proximate attackers to bypass intended PIN requirements and read private data objects via a (1) low level APDU command or (2) debugging tool, as demonstrated by reading the 4601 or 4701 file with the opensc-explorer or opensc-tool program.
How to fix CVE-2009-0368
To remediate CVE-2009-0368, upgrade the affected package to a fixed version below.
- Debian/opensc—upgrade to 0.11.7-1 or later
- Debian/opensc—upgrade to 0.11.4-5+lenny1 or later
Is CVE-2009-0368 being exploited?
Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 0.11.7-1
- from 0, < 0.11.4-5+lenny1