CVE-2018-20340

Debian Security Advisory 4389-1

Severity Score

6.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Yubico libu2f-host 1.1.6 contains unchecked buffers in devs.c, which could enable a malicious token to exploit a buffer overflow. An attacker could use this to attempt to execute malicious code using a crafted USB device masquerading as a security token on a computer where the affected library is currently in use. It is not possible to perform this attack with a genuine YubiKey.

Yubico libu2f-host 1.1.6 contiene búferes sin comprobar en devs.c, lo que podría permitir que un token malicioso explote un desbordamiento de búfer. Un atacante podría emplear esto para ejecutar código malicioso mediante un dispositivo USB manipulado enmascarado como token de seguridad en un ordenador en el que se está empleando la librería afectada. No es posible realizar este ataque con un YubiKey auténtico.

Christian Reitter discovered that libu2f-host, a library implementing the host-side of the U2F protocol, failed to properly check for a buffer overflow. This would allow an attacker with a custom made malicious USB device masquerading as a security key, and physical access to a computer where PAM U2F or an application with libu2f-host integrated, to potentially execute arbitrary code on that computer.

*Credits: N/A

Attack Vector

Physical

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2018-12-21 CVE Reserved
2019-02-12 CVE Published
2024-08-05 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CAPEC

References (6)

URL	Tag	Source
https://blog.inhq.net/posts/yubico-libu2f-host-vuln-part1	X_refsource_misc
https://seclists.org/bugtraq/2019/Feb/23	Mailing List
https://www.debian.org/security/2019/dsa-4389	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://www.yubico.com/support/security-advisories/ysa-2019-01	2019-12-05

URL	Date	SRC
https://developers.yubico.com/libu2f-host/Release_Notes.html	2019-12-05
https://security.gentoo.org/glsa/202004-15	2019-12-05

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Yubico Search vendor "Yubico"		Libu2f-host Search vendor "Yubico" for product "Libu2f-host"				1.1.6 Search vendor "Yubico" for product "Libu2f-host" and version "1.1.6"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0"		-		Affected