PT-2021-23830 · Yubico · Yubihsm 2
Christian Reitter · Published 2021-12-08 · Updated 2022-04-04 · CVE-2021-43399
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Yubico YubiHSM YubiHSM2 library version 2021.08
Description
The issue arises from improper validation of the length of certain operations, including SSH signing requests and data operations received from a YubiHSM 2 device. This affects the Yubico YubiHSM YubiHSM2 library included in the yubihsm-shell project.
Recommendations
For Yubico YubiHSM YubiHSM2 library version 2021.08, consider updating to a newer version that properly validates the length of operations to prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Memory Corruption
Affected Products
Yubihsm 2