Yubico

Yubihsm-shell

4 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.4

CVE-2021-32489

Exploit
  • EPSS 0.71%
  • Published 10.05.2021 22:15:06
  • Last modified 21.11.2024 06:07:08

An issue was discovered in the _send_secure_msg() function of Yubico yubihsm-shell through 2.0.3. The function does not correctly validate the embedded length field of an authenticated message received from the device because response_msg.st.len=8 ca...

4.4

CVE-2021-27217

Exploit
  • EPSS 0.62%
  • Published 04.03.2021 18:15:14
  • Last modified 21.11.2024 05:57:37

An issue was discovered in the _send_secure_msg() function of Yubico yubihsm-shell through 2.0.3. The function does not correctly validate the embedded length field of an authenticated message received from the device. Out-of-bounds reads performed b...

7.5

CVE-2020-24387

Exploit
  • EPSS 0.79%
  • Published 19.10.2020 20:15:12
  • Last modified 21.11.2024 05:14:43

An issue was discovered in the yh_create_session() function of yubihsm-shell through 2.0.2. The function does not explicitly check the returned session id from the device. An invalid session id would lead to out-of-bounds read and write operations in...

7.5

CVE-2020-24388

Exploit
  • EPSS 0.79%
  • Published 19.10.2020 20:15:12
  • Last modified 21.11.2024 05:14:43

An issue was discovered in the _send_secure_msg() function of yubihsm-shell through 2.0.2. The function does not validate the embedded length field of a message received from the device. This could lead to an oversized memcpy() call that will crash t...