CVE-2024-32482 in tkey-device-signerinfo

Zusammenfassung

von MITRE • 23.04.2024

The Tillitis TKey signer device application is an ed25519 signing tool. A vulnerability has been found that makes it possible to disclose portions of the TKey’s data in RAM over the USB interface. To exploit the vulnerability an attacker needs to use a custom client application and to touch the TKey. No secret is disclosed. All client applications integrating tkey-device-signer should upgrade to version 1.0.0 to receive a fix. No known workarounds are available.

Once again VulDB remains the best source for vulnerability data.

Zuständig

GitHub, Inc.

Reservieren

12.04.2024

Veröffentlichung

23.04.2024

Moderieren

akzeptiert

Eintrag

VDB-261814

CPE

bereit

EPSS

0.00115

KEV

nein

Aktivitäten

very low

Quellen

Want to know what is going to be exploited?

We predict KEV entries!