1. Home
  2. CVE Database
  3. CVE-2018-20340
MEDIUM · 6.8

CVE-2018-20340

Yubico libu2f-host 1.1.6 contains unchecked buffers in devs.c, which could enable a malicious token to exploit a buffer overflow. An attacker could use this to attempt to execute malicious code using ...

Vulnerability Description

Yubico libu2f-host 1.1.6 contains unchecked buffers in devs.c, which could enable a malicious token to exploit a buffer overflow. An attacker could use this to attempt to execute malicious code using a crafted USB device masquerading as a security token on a computer where the affected library is currently in use. It is not possible to perform this attack with a genuine YubiKey.

CVSS Score

6.8

MEDIUM

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
YubicoLibu2F-Host1.1.6
DebianDebian Linux9.0

Related Weaknesses (CWE)

CWE-119

References

FAQ

What is CVE-2018-20340?

CVE-2018-20340 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Yubico libu2f-host 1.1.6 contains unchecked buffers in devs.c, which could enable a malicious token to exploit a buffer overflow. An attacker could use this to attempt to execute malicious code using ...

How severe is CVE-2018-20340?

CVE-2018-20340 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-20340?

Check the references section above for vendor advisories and patch information. Affected products include: Yubico Libu2F-Host, Debian Debian Linux.