Low severity2.2NVD Advisory· Published Apr 23, 2024· Updated Apr 15, 2026

CVE-2024-32482

Description

The Tillitis TKey signer device application is an ed25519 signing tool. A vulnerability has been found that makes it possible to disclose portions of the TKey’s data in RAM over the USB interface. To exploit the vulnerability an attacker needs to use a custom client application and to touch the TKey. No secret is disclosed. All client applications integrating tkey-device-signer should upgrade to version 1.0.0 to receive a fix. No known workarounds are available.

Patches

4d9fe474af2d

https://github.com/tillitis/tkey-device-signervia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

bugbounty.tillitis.se/security-bulletins/tillitis-security-bulletin-240115-1nvd
github.com/tillitis/tkey-device-signer/security/advisories/GHSA-frqc-62hv-379pnvd

News mentions

No linked articles in our index yet.

cvss	0.143
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000