Low severity2.2OSV Advisory· Published Apr 23, 2024· Updated Apr 15, 2026
CVE-2024-32482
CVE-2024-32482
Description
The Tillitis TKey signer device application is an ed25519 signing tool. A vulnerability has been found that makes it possible to disclose portions of the TKey’s data in RAM over the USB interface. To exploit the vulnerability an attacker needs to use a custom client application and to touch the TKey. No secret is disclosed. All client applications integrating tkey-device-signer should upgrade to version 1.0.0 to receive a fix. No known workarounds are available.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2engineering-release-1, for-verisigner-v0.0.2, for-verisigner-v0.0.3, …+ 1 more
- (no CPE)range: engineering-release-1, for-verisigner-v0.0.2, for-verisigner-v0.0.3, …
- (no CPE)range: <1.0.0
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.