Yubico

2 exploits Active since Oct 2020
CVE-2020-24387 HIGH WRITEUP
yubihsm-shell < 2.0.2 - Out-of-bounds Read and Write via Invalid Session ID
An issue was discovered in the yh_create_session() function of yubihsm-shell through 2.0.2. The function does not explicitly check the session id returned by the device. An invalid session id leads to out-of-bounds read and write operations on the session array. An attacker could use this to cause a denial of service.
CVSS 7.5
CVE-2020-24388 HIGH WRITEUP
yubihsm-shell < 2.0.2 - Denial of Service via Unvalidated Message Length Field
An issue was discovered in the _send_secure_msg() function of yubihsm-shell through 2.0.2. The function does not validate the embedded length field of a message received from the device. This could lead to an oversized memcpy() call that crashes the running process. An attacker could use this to cause a denial of service.
CVSS 7.5