{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T11:53:36.982","vulnerabilities":[{"cve":{"id":"CVE-2024-32482","sourceIdentifier":"security-advisories@github.com","published":"2024-04-23T18:15:14.810","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Tillitis TKey signer device application is an ed25519 signing tool. A vulnerability has been found that makes it possible to disclose portions of the TKey’s data in RAM over the USB interface. To exploit the vulnerability an attacker needs to use a custom client application and to touch the TKey. No secret is disclosed. All client applications integrating tkey-device-signer should upgrade to version 1.0.0 to receive a fix. No known workarounds are available."},{"lang":"es","value":"La aplicación del dispositivo de firma Tillitis TKey es una herramienta de firma ed25519. Se ha encontrado una vulnerabilidad que permite revelar partes de los datos del TKey en la RAM a través de la interfaz USB. Para explotar la vulnerabilidad, un atacante necesita utilizar una aplicación cliente personalizada y tocar la tecla TKey. No se revela ningún secreto. Todas las aplicaciones cliente que integran tkey-device-signer deben actualizarse a la versión 1.0.0 para recibir una solución. No hay workarounds disponibles."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N","baseScore":2.2,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.8,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"},{"lang":"en","value":"CWE-367"}]}],"references":[{"url":"https://bugbounty.tillitis.se/security-bulletins/tillitis-security-bulletin-240115-1","source":"security-advisories@github.com"},{"url":"https://github.com/tillitis/tkey-device-signer/security/advisories/GHSA-frqc-62hv-379p","source":"security-advisories@github.com"},{"url":"https://bugbounty.tillitis.se/security-bulletins/tillitis-security-bulletin-240115-1","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/tillitis/tkey-device-signer/security/advisories/GHSA-frqc-62hv-379p","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}