Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
yubico yubihsm-shell vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv2
CVE-2021-43399
The Yubico YubiHSM YubiHSM2 library 2021.08, included in the yubihsm-shell project, does not properly validate the length of some operations including SSH signing requests, and some data operations received from a YubiHSM 2 device.
Yubico Yubihsm 2 Software Development Kit
3.5
CVSSv2
CVE-2021-32489
An issue exists in the _send_secure_msg() function of Yubico yubihsm-shell up to and including 2.0.3. The function does not correctly validate the embedded length field of an authenticated message received from the device because response_msg.st.len=8 can be accepted but triggers...
3.5
CVSSv2
CVE-2021-27217
An issue exists in the _send_secure_msg() function of Yubico yubihsm-shell up to and including 2.0.3. The function does not correctly validate the embedded length field of an authenticated message received from the device. Out-of-bounds reads performed by aes_remove_padding() can...
Yubico Yubihsm-shell
5
CVSSv2
CVE-2020-24387
An issue exists in the yh_create_session() function of yubihsm-shell up to and including 2.0.2. The function does not explicitly check the returned session id from the device. An invalid session id would lead to out-of-bounds read and write operations in the session array. This c...
Yubico Yubihsm-shell
Fedoraproject Fedora 33
5
CVSSv2
CVE-2020-24388
An issue exists in the _send_secure_msg() function of yubihsm-shell up to and including 2.0.2. The function does not validate the embedded length field of a message received from the device. This could lead to an oversized memcpy() call that will crash the running process. This c...
Yubico Yubihsm-shell
Fedoraproject Fedora 33
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started