pkcs15-tool in OpenSC prior to 0.11.6 does not apply security updates to a smart card unless the card's label matches the "OpenSC" string, which might allow physically proximate malicious users to exploit vulnerabilities that the card owner expected were patched, as demonstrated by exploitation of CVE-2008-2235.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
opensc-project opensc 0.11.0 |
||
opensc-project opensc 0.10.0 |
||
opensc-project opensc 0.8.1 |
||
opensc-project opensc 0.8.0 |
||
opensc-project opensc |
||
opensc-project opensc 0.11.4 |
||
opensc-project opensc 0.10.1 |
||
opensc-project opensc 0.9.6 |
||
opensc-project opensc 0.7.0 |
||
opensc-project opensc 0.6.1 |
||
opensc-project opensc 0.11.3 |
||
opensc-project opensc 0.9.5 |
||
opensc-project opensc 0.9.4 |
||
opensc-project opensc 0.6.0 |
||
opensc-project opensc 0.5.0 |
||
opensc-project opensc 0.11.2 |
||
opensc-project opensc 0.11.1 |
||
opensc-project opensc 0.9.3 |
||
opensc-project opensc 0.9.2 |
||
opensc-project opensc 0.4.0 |