Описание
Yubico libu2f-host 1.1.6 contains unchecked buffers in devs.c, which could enable a malicious token to exploit a buffer overflow. An attacker could use this to attempt to execute malicious code using a crafted USB device masquerading as a security token on a computer where the affected library is currently in use. It is not possible to perform this attack with a genuine YubiKey.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 1.1.4-1ubuntu0.1 |
| cosmic | released | 1.1.6-1ubuntu0.1 |
| devel | not-affected | 1.1.7-1 |
| disco | not-affected | 1.1.7-1 |
| eoan | not-affected | 1.1.7-1 |
| esm-apps/xenial | needed | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | released | 1.1.4-1ubuntu0.1 |
| esm-infra/focal | not-affected | 1.1.7-1 |
| focal | not-affected | 1.1.7-1 |
Показывать по
Ссылки на источники
4.6 Medium
CVSS2
6.8 Medium
CVSS3
Связанные уязвимости
Yubico libu2f-host 1.1.6 contains unchecked buffers in devs.c, which could enable a malicious token to exploit a buffer overflow. An attacker could use this to attempt to execute malicious code using a crafted USB device masquerading as a security token on a computer where the affected library is currently in use. It is not possible to perform this attack with a genuine YubiKey.
Yubico libu2f-host 1.1.6 contains unchecked buffers in devs.c, which c ...
4.6 Medium
CVSS2
6.8 Medium
CVSS3