CVE-2020-13132
Severity Score
4.6
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An issue was discovered in Yubico libykpiv before 2.1.0. An attacker can trigger an incorrect free() in the ykpiv_util_generate_key() function in lib/util.c through incorrect error handling code. This could be used to cause a denial of service attack.
Se detectó un problema en Yubico libykpiv versiones anteriores a 2.1.0. Un atacante puede desencadenar un free() incorrecto en la función ykpiv_util_generate_key() en la biblioteca lib/util.c por medio de un código de manejo de errores incorrecto. Esto podría ser usado para causar un ataque de denegación de servicio
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-05-18 CVE Reserved
- 2020-07-09 CVE Published
- 2023-03-25 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-763: Release of Invalid Pointer or Reference
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://blog.inhq.net/posts/yubico-libykpiv-vuln | 2024-08-04 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.yubico.com/support/security-advisories/ysa-2020-02 | 2021-07-21 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Yubico Search vendor "Yubico" | Libykpiv Search vendor "Yubico" for product "Libykpiv" | < 2.1.0 Search vendor "Yubico" for product "Libykpiv" and version " < 2.1.0" | - |
Affected
| ||||||
| Yubico Search vendor "Yubico" | Piv Tool Manager Search vendor "Yubico" for product "Piv Tool Manager" | < 2.0.0 Search vendor "Yubico" for product "Piv Tool Manager" and version " < 2.0.0" | - |
Affected
| ||||||
| Yubico Search vendor "Yubico" | Yubikey Smart Card Minidriver Search vendor "Yubico" for product "Yubikey Smart Card Minidriver" | <= 4.1.0.172 Search vendor "Yubico" for product "Yubikey Smart Card Minidriver" and version " <= 4.1.0.172" | - |
Affected
| ||||||