Mend Vulnerability Database
What is a CVE vulnerability ID? What is a WS vulnerability ID?New vulnerability? Tell us about it!
We found results for “”
Good to know:
Date: May 10, 2021
An issue was discovered in the _send_secure_msg() function of Yubico yubihsm-shell through 2.0.3. The function does not correctly validate the embedded length field of an authenticated message received from the device because response_msg.st.len=8 can be accepted but triggers an integer overflow, which causes CRYPTO_cbc128_decrypt (in OpenSSL) to encounter an undersized buffer and experience a segmentation fault. The yubihsm-shell project is included in the YubiHSM 2 SDK product.
Weakness Type (CWE)
Integer Overflow or WraparoundCWE-190
Upgrade to version 2.1.0
|Attack Vector (AV):||NETWORK|
|Attack Complexity (AC):||HIGH|
|Privileges Required (PR):||HIGH|
|User Interaction (UI):||NONE|
|Access Vector (AV):||NETWORK|
|Access Complexity (AC):||MEDIUM|