CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-32489
https://notcve.org/view.php?id=CVE-2021-32489
An issue was discovered in the _send_secure_msg() function of Yubico yubihsm-shell through 2.0.3. The function does not correctly validate the embedded length field of an authenticated message received from the device because response_msg.st.len=8 can be accepted but triggers an integer overflow, which causes CRYPTO_cbc128_decrypt (in OpenSSL) to encounter an undersized buffer and experience a segmentation fault. The yubihsm-shell project is included in the YubiHSM 2 SDK product. Se detectó un problema en la función _send_secure_msg() de Yubico yubihsm-shell versiones hasta 2.0.3. La función no comprueba correctamente el campo de longitud insertado de un mensaje autenticado recibido del dispositivo porque response_msg.st.len=8 puede ser aceptado pero desencadena un desbordamiento de enteros, lo que causa a CRYPTO_cbc128_decrypt (en OpenSSL) encuentre un búfer de tamaño insuficiente y experimente un fallo de segmentación. • https://blog.inhq.net/posts/yubico-libyubihsm-vuln2/#second-attack-variant-cve-pending • CWE-190: Integer Overflow or Wraparound •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-27217
https://notcve.org/view.php?id=CVE-2021-27217
An issue was discovered in the _send_secure_msg() function of Yubico yubihsm-shell through 2.0.3. The function does not correctly validate the embedded length field of an authenticated message received from the device. Out-of-bounds reads performed by aes_remove_padding() can crash the running process, depending on the memory layout. This could be used by an attacker to cause a client-side denial of service. The yubihsm-shell project is included in the YubiHSM 2 SDK product. • https://blog.inhq.net/posts/yubico-libyubihsm-vuln2 https://github.com/Yubico/yubihsm-shell/releases https://www.yubico.com/support/security-advisories/ysa-2021-01 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2020-24388
https://notcve.org/view.php?id=CVE-2020-24388
An issue was discovered in the _send_secure_msg() function of yubihsm-shell through 2.0.2. The function does not validate the embedded length field of a message received from the device. This could lead to an oversized memcpy() call that will crash the running process. This could be used by an attacker to cause a denial of service. Se detectó un problema en la función _send_secure_msg() de yubihsm-shell versiones hasta 2.0.2. • https://blog.inhq.net/posts/yubico-libyubihsm-vuln https://developers.yubico.com/yubihsm-shell https://github.com/Yubico/yubihsm-shell https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y77KQJW76M3PFOBFLBT6DLH2NWHYRNZO https://www.yubico.com/support/security-advisories/ysa-2020-06 • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2020-24387
https://notcve.org/view.php?id=CVE-2020-24387
An issue was discovered in the yh_create_session() function of yubihsm-shell through 2.0.2. The function does not explicitly check the returned session id from the device. An invalid session id would lead to out-of-bounds read and write operations in the session array. This could be used by an attacker to cause a denial of service attack. Se detectó un problema en la función yh_create_session() de yubihsm-shell versiones hasta 2.0.2. • https://blog.inhq.net/posts/yubico-libyubihsm-vuln https://developers.yubico.com/yubihsm-shell https://github.com/Yubico/yubihsm-shell https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y77KQJW76M3PFOBFLBT6DLH2NWHYRNZO https://www.yubico.com/support/security-advisories/ysa-2020-06 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •