An issue exists in the /api/connector endpoint handler in Yubico yubihsm-connector prior to 3.0.1 (in YubiHSM SDK prior to 2021.04). The handler did not validate the length of the request, which can lead to a state where yubihsm-connector becomes stuck in a loop waiting for the YubiHSM to send it data, preventing any further operations until the yubihsm-connector is restarted. An attacker can send 0, 1, or 2 bytes to trigger this.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
yubico yubihsm connector |
||
fedoraproject fedora 34 |