CVE-2018-20340

Published: 21/03/2019 Updated: 05/12/2019
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 6.8 | Impact Score: 5.9 | Exploitability Score: 0.9
VMScore: 409
CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Yubico libu2f-host 1.1.6 contains unchecked buffers in devs.c, which could enable a malicious token to exploit a buffer overflow. An attacker could use this to attempt to execute malicious code using a crafted USB device masquerading as a security token on a computer where the affected library is currently in use. It is not possible to perform this attack with a genuine YubiKey.

Vulnerable Product

yubico libu2f-host 1.1.6

debian debian linux 9.0

Vendor Advisories

Debian Bug report logs - #921726 libu2f-host: CVE-2018-20340 Package: src:libu2f-host; Maintainer for src:libu2f-host is Debian Authentication Maintainers <team+auth@tracker.debian.org>; Reported by: Sébastien Delafond <seb@debian.org> Date: Fri, 8 Feb 2019 13:15:02 UTC Severity: grave Tags: security, upstream Merg ...

Yubico library libu2f-host prior to version 1.1.7 contains an unchecked buffer, which could allow a buffer overflow. Libu2f-host is a library that implements the host party of the U2F protocol. This issue can allow an attacker with a custom made malicious USB device masquerading as a security key, and physical access to a computer where PAM U2F or ...