Yubico · YubiHSM 2 SDK · CVE-2023-39908
**Name of the Vulnerable Software and Affected Versions**
YubiHSM 2 SDK versions through 2023.01
**Description**
The PKCS11 module of the YubiHSM 2 SDK does not properly validate the length of specific read operations on object metadata. This may lead to disclosure of uninitialized and previously used memory.
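One common form of the bug class described above, a read whose copy length is taken from the caller instead of the object's stored metadata length, shown beside a bounded version. This is an added illustration, not code from the YubiHSM 2 SDK; `obj_meta`, `load_meta`, the `read_meta_*` functions, the `RV_*` codes and the sample bytes are all hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum { RV_OK = 0, RV_BUFFER_TOO_SMALL = 1, RV_ARGUMENTS_BAD = 2 }; /* example-local codes */
#define META_CAP 64 /* capacity of the reusable scratch record */

/* Hypothetical record: only data[0..len) is valid; the rest may hold older bytes. */
struct obj_meta { unsigned char data[META_CAP]; size_t len; };

/* Reuses the record without clearing it, as a long-lived module buffer would be. */
void load_meta(struct obj_meta *m, const void *src, size_t n) {
    if (n > META_CAP) n = META_CAP;
    memcpy(m->data, src, n);
    m->len = n;
}

/* Bug class from the description: the copy length comes from the caller alone. */
int read_meta_unchecked(const struct obj_meta *m, unsigned char *out, size_t *out_len) {
    memcpy(out, m->data, *out_len); /* bytes past m->len are stale memory */
    return RV_OK;
}

/* Hardened form: the stored length bounds every copy and is reported back. */
int read_meta_checked(const struct obj_meta *m, unsigned char *out, size_t *out_len) {
    if (m == NULL || out_len == NULL || m->len > META_CAP) return RV_ARGUMENTS_BAD;
    if (out == NULL) { *out_len = m->len; return RV_OK; } /* length query */
    if (*out_len < m->len) { *out_len = m->len; return RV_BUFFER_TOO_SMALL; }
    memcpy(out, m->data, m->len);
    *out_len = m->len;
    return RV_OK;
}

int main(void) {
    struct obj_meta m = {{0}, 0};
    unsigned char out[META_CAP];
    size_t n = sizeof out;
    load_meta(&m, "SECRET-KEY-MATERIAL-0123456789AB", 32); /* constructed sample data */
    load_meta(&m, "label", 5);
    read_meta_unchecked(&m, out, &n);
    printf("unchecked: %zu bytes, tail \"%.27s\"\n", n, (const char *)out + 5);
    n = sizeof out;
    read_meta_checked(&m, out, &n);
    printf("checked:   %zu bytes, \"%.*s\"\n", n, (int)n, (const char *)out);
    return 0;
}
```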
**Recommendations**
If you run YubiHSM 2 SDK 2023.01 or earlier, consider updating to a later version to resolve the issue. As a temporary workaround, restrict access to the PKCS11 module to minimize the risk of exploitation. At the moment, there is no information about additional mitigation measures.