CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-32489
https://notcve.org/view.php?id=CVE-2021-32489
An issue was discovered in the _send_secure_msg() function of Yubico yubihsm-shell through 2.0.3. The function does not correctly validate the embedded length field of an authenticated message received from the device because response_msg.st.len=8 can be accepted but triggers an integer overflow, which causes CRYPTO_cbc128_decrypt (in OpenSSL) to encounter an undersized buffer and experience a segmentation fault. The yubihsm-shell project is included in the YubiHSM 2 SDK product. Se detectó un problema en la función _send_secure_msg() de Yubico yubihsm-shell versiones hasta 2.0.3. La función no comprueba correctamente el campo de longitud insertado de un mensaje autenticado recibido del dispositivo porque response_msg.st.len=8 puede ser aceptado pero desencadena un desbordamiento de enteros, lo que causa a CRYPTO_cbc128_decrypt (en OpenSSL) encuentre un búfer de tamaño insuficiente y experimente un fallo de segmentación. • https://blog.inhq.net/posts/yubico-libyubihsm-vuln2/#second-attack-variant-cve-pending • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-28484
https://notcve.org/view.php?id=CVE-2021-28484
An issue was discovered in the /api/connector endpoint handler in Yubico yubihsm-connector before 3.0.1 (in YubiHSM SDK before 2021.04). The handler did not validate the length of the request, which can lead to a state where yubihsm-connector becomes stuck in a loop waiting for the YubiHSM to send it data, preventing any further operations until the yubihsm-connector is restarted. An attacker can send 0, 1, or 2 bytes to trigger this. Se detectó un problema en el manejador de endpoint api/connector en Yubico yubihsm-connector versiones anteriores a 3.0.1 (en YubiHSM SDK versiones anteriores a 2021.04). El manejador no comprobó la longitud de la petición, lo que puede conllevar a un estado en el que yubihsm-connector se atasca en un bucle esperando a que YubiHSM le envíe datos, lo que impide cualquier otra operación hasta que yubihsm-connector es reiniciado. • https://github.com/Yubico/yubihsm-connector/releases https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B7Q2KGXSPQEEONAWMFZRVH2TXWX3QPCQ https://www.yubico.com/support/security-advisories/ysa-2021-02 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-27217
https://notcve.org/view.php?id=CVE-2021-27217
An issue was discovered in the _send_secure_msg() function of Yubico yubihsm-shell through 2.0.3. The function does not correctly validate the embedded length field of an authenticated message received from the device. Out-of-bounds reads performed by aes_remove_padding() can crash the running process, depending on the memory layout. This could be used by an attacker to cause a client-side denial of service. The yubihsm-shell project is included in the YubiHSM 2 SDK product. • https://blog.inhq.net/posts/yubico-libyubihsm-vuln2 https://github.com/Yubico/yubihsm-shell/releases https://www.yubico.com/support/security-advisories/ysa-2021-01 • CWE-125: Out-of-bounds Read •
CVSS: 4.2EPSS: 0%CPEs: 45EXPL: 1CVE-2021-3011
https://notcve.org/view.php?id=CVE-2021-3011
An electromagnetic-wave side-channel issue was discovered on NXP SmartMX / P5x security microcontrollers and A7x secure authentication microcontrollers, with CryptoLib through v2.9. It allows attackers to extract the ECDSA private key after extensive physical access (and consequently produce a clone). This was demonstrated on the Google Titan Security Key, based on an NXP A7005a chip. Other FIDO U2F security keys are also impacted (Yubico YubiKey Neo and Feitian K9, K13, K21, and K40) as well as several NXP JavaCard smartcards (J3A081, J2A081, J3A041, J3D145_M59, J2D145_M59, J3D120_M60, J3D082_M60, J2D120_M60, J2D082_M60, J3D081_M59, J2D081_M59, J3D081_M61, J2D081_M61, J3D081_M59_DF, J3D081_M61_DF, J3E081_M64, J3E081_M66, J2E081_M64, J3E041_M66, J3E016_M66, J3E016_M64, J3E041_M64, J3E145_M64, J3E120_M65, J3E082_M65, J2E145_M64, J2E120_M65, J2E082_M65, J3E081_M64_DF, J3E081_M66_DF, J3E041_M66_DF, J3E016_M66_DF, J3E041_M64_DF, and J3E016_M64_DF). Se detectó un problema de canal lateral de ondas electromagnéticas en los microcontroladores de seguridad NXP SmartMX / P5x y en los microcontroladores de autenticación segura A7x, con CryptoLib versiones hasta v2.9. • https://ninjalab.io/a-side-journey-to-titan https://ninjalab.io/wp-content/uploads/2021/01/a_side_journey_to_titan.pdf • CWE-670: Always-Incorrect Control Flow Implementation •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2020-24388
https://notcve.org/view.php?id=CVE-2020-24388
An issue was discovered in the _send_secure_msg() function of yubihsm-shell through 2.0.2. The function does not validate the embedded length field of a message received from the device. This could lead to an oversized memcpy() call that will crash the running process. This could be used by an attacker to cause a denial of service. Se detectó un problema en la función _send_secure_msg() de yubihsm-shell versiones hasta 2.0.2. • https://blog.inhq.net/posts/yubico-libyubihsm-vuln https://developers.yubico.com/yubihsm-shell https://github.com/Yubico/yubihsm-shell https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y77KQJW76M3PFOBFLBT6DLH2NWHYRNZO https://www.yubico.com/support/security-advisories/ysa-2020-06 • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •