CVE-2023-39908

Name of the Vulnerable Software and Affected Versions YubiHSM 2 SDK versions through 2023.01

Description The PKCS11 module of the YubiHSM 2 SDK does not properly validate the length of specific read operations on object metadata. This may lead to disclosure of uninitialized and previously used memory.

Recommendations For YubiHSM 2 SDK versions through 2023.01, consider updating to a version later than 2023.01 to resolve the issue. As a temporary workaround, restrict access to the PKCS11 module to minimize the risk of exploitation. At the moment, there is no information about additional mitigation measures.