VYPR
Low severity2.2OSV Advisory· Published Apr 23, 2024· Updated Apr 15, 2026

CVE-2024-32482

CVE-2024-32482

Description

The Tillitis TKey signer device application is an ed25519 signing tool. A vulnerability has been found that makes it possible to disclose portions of the TKey’s data in RAM over the USB interface. To exploit the vulnerability an attacker needs to use a custom client application and to touch the TKey. No secret is disclosed. All client applications integrating tkey-device-signer should upgrade to version 1.0.0 to receive a fix. No known workarounds are available.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • engineering-release-1, for-verisigner-v0.0.2, for-verisigner-v0.0.3, …+ 1 more
    • (no CPE)range: engineering-release-1, for-verisigner-v0.0.2, for-verisigner-v0.0.3, …
    • (no CPE)range: <1.0.0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.