exploitDog

CVE-2021-43399

Опубликовано: 08 дек. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 7.8

EPSS Низкий

Описание

The Yubico YubiHSM YubiHSM2 library 2021.08, included in the yubihsm-shell project, does not properly validate the length of some operations including SSH signing requests, and some data operations received from a YubiHSM 2 device.

Ссылки

https://blog.inhq.net/posts/yubico-yubihsm-shell-vuln3/
Exploit
Third Party Advisory
https://www.yubico.com/support/security-advisories/ysa-2021-04/
Vendor Advisory
https://blog.inhq.net/posts/yubico-yubihsm-shell-vuln3/
Exploit
Third Party Advisory
https://www.yubico.com/support/security-advisories/ysa-2021-04/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:yubico:yubihsm_2_software_development_kit:*:*:*:*:*:*:*:*

Версия до 2021.08 (включая)

EPSS

Процентиль: 58%

0.00367

Низкий

7.5 High

CVSS3

7.8 High

CVSS2

Дефекты

CWE-787

Связанные уязвимости

GHSA-vrp3-rwcp-4q77

CVSS3: 7.5

github

около 4 лет назад

The Yubico YubiHSM YubiHSM2 library 2021.08, included in the yubihsm-shell project, does not properly validate the length of some operations including SSH signing requests, and some data operations received from a YubiHSM 2 device.

EPSS

Процентиль: 58%

0.00367

Низкий

7.5 High

CVSS3

7.8 High

CVSS2

Дефекты

CWE-787