exploitDog

CVE-2023-39908

Опубликовано: 14 авг. 2023

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

The PKCS11 module of the YubiHSM 2 SDK through 2023.01 does not properly validate the length of specific read operations on object metadata. This may lead to disclosure of uninitialized and previously used memory.

Ссылки

https://blog.inhq.net/posts/yubico-yubihsm-pkcs-vuln/
https://www.yubico.com/support/security-advisories/ysa-2023-01/
Patch
Vendor Advisory
https://blog.inhq.net/posts/yubico-yubihsm-pkcs-vuln/
https://www.yubico.com/support/security-advisories/ysa-2023-01/
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:yubico:yubihsm_2_sdk:*:*:*:*:*:*:*:*

Версия до 2023.08 (исключая)

EPSS

Процентиль: 43%

0.00207

Низкий

7.5 High

CVSS3

Дефекты

CWE-125

Связанные уязвимости

GHSA-m369-7f44-fp6w

CVSS3: 7.5

github

больше 2 лет назад

The PKCS11 module of the YubiHSM 2 SDK through 2023.01 does not properly validate the length of specific read operations on object metadata. This may lead to disclosure of uninitialized and previously used memory.

EPSS

Процентиль: 43%

0.00207

Низкий

7.5 High

CVSS3

Дефекты

CWE-125