CVE-2008-3972

pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to a smart card unless the card's label matches the "OpenSC" string, which might allow physically proximate attackers to exploit vulnerabilities that the card owner expected were patched, as demonstrated by exploitation of CVE-2008-2235.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.6 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:N/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 30%
VendorProductVersion
opensc-projectopensc
𝑥
≤ 0.11.5
opensc-projectopensc
0.4.0
opensc-projectopensc
0.5.0
opensc-projectopensc
0.6.0
opensc-projectopensc
0.6.1
opensc-projectopensc
0.7.0
opensc-projectopensc
0.8.0
opensc-projectopensc
0.8.1
opensc-projectopensc
0.9.2
opensc-projectopensc
0.9.3
opensc-projectopensc
0.9.4
opensc-projectopensc
0.9.5
opensc-projectopensc
0.9.6
opensc-projectopensc
0.10.0
opensc-projectopensc
0.10.1
opensc-projectopensc
0.11.0
opensc-projectopensc
0.11.1
opensc-projectopensc
0.11.2
opensc-projectopensc
0.11.3
opensc-projectopensc
0.11.3:pre3
opensc-projectopensc
0.11.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
opensc
bullseye
0.21.0-1
fixed
bookworm
0.23.0-0.3+deb12u1
fixed
sid
0.25.1-2
fixed
trixie
0.25.1-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
opensc
oneiric
not-affected
natty
not-affected
maverick
not-affected
lucid
not-affected
karmic
not-affected
jaunty
not-affected
intrepid
not-affected
hardy
ignored
gutsy
ignored
feisty
ignored
dapper
ignored
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html
http://secunia.com/advisories/32099
http://secunia.com/advisories/34362
http://www.opensc-project.org/pipermail/opensc-announce/2008-August/000021.html
http://www.openwall.com/lists/oss-security/2008/09/09/14
https://exchange.xforce.ibmcloud.com/vulnerabilities/45045
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html
http://secunia.com/advisories/32099
http://secunia.com/advisories/34362
http://www.opensc-project.org/pipermail/opensc-announce/2008-August/000021.html
http://www.openwall.com/lists/oss-security/2008/09/09/14
https://exchange.xforce.ibmcloud.com/vulnerabilities/45045
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00686.html