Vulnerability Description
An issue was discovered in the _send_secure_msg() function of yubihsm-shell through 2.0.2. The function does not validate the embedded length field of a message received from the device. This could lead to an oversized memcpy() call that will crash the running process. This could be used by an attacker to cause a denial of service.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Yubico | Yubihsm-Shell | <= 2.0.2 |
| Fedoraproject | Fedora | 33 |
Related Weaknesses (CWE)
References
- https://blog.inhq.net/posts/yubico-libyubihsm-vuln/ExploitThird Party Advisory
- https://developers.yubico.com/yubihsm-shell/Vendor Advisory
- https://github.com/Yubico/yubihsm-shellThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://www.yubico.com/support/security-advisories/ysa-2020-06/Vendor Advisory
- https://blog.inhq.net/posts/yubico-libyubihsm-vuln/ExploitThird Party Advisory
- https://developers.yubico.com/yubihsm-shell/Vendor Advisory
- https://github.com/Yubico/yubihsm-shellThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://www.yubico.com/support/security-advisories/ysa-2020-06/Vendor Advisory
FAQ
What is CVE-2020-24388?
CVE-2020-24388 is a vulnerability with a CVSS score of 7.5 (HIGH). An issue was discovered in the _send_secure_msg() function of yubihsm-shell through 2.0.2. The function does not validate the embedded length field of a message received from the device. This could le...
How severe is CVE-2020-24388?
CVE-2020-24388 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-24388?
Check the references section above for vendor advisories and patch information. Affected products include: Yubico Yubihsm-Shell, Fedoraproject Fedora.