CVE-2018-20340
Summary
| CVE | CVE-2018-20340 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-03-21 16:00:00 UTC |
| Updated | 2019-12-05 17:15:00 UTC |
| Description | Yubico libu2f-host 1.1.6 contains unchecked buffers in devs.c, which could enable a malicious token to exploit a buffer overflow. An attacker could use this to attempt to execute malicious code using a crafted USB device masquerading as a security token on a computer where the affected library is currently in use. It is not possible to perform this attack with a genuine YubiKey. |
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Debian -- Security Information -- DSA-4389-1 libu2f-host | MISC | www.debian.org | Third Party Advisory |
| Release Notes | CONFIRM | developers.yubico.com | Release Notes, Vendor Advisory |
| libu2f-host: Multiple vulnerabilities (GLSA 202004-15) — Gentoo security | GENTOO | security.gentoo.org | |
| Security advisory 2019-02-08 \| Yubico | CONFIRM | www.yubico.com | Patch, Vendor Advisory |
| Bugtraq: [SECURITY] [DSA 4389-1] libu2f-host security update | MISC | seclists.org | Mailing List, Third Party Advisory |
| Yubico libu2f-host vulnerability - part one \| invd blog | MISC | blog.inhq.net | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 750033 SUSE Enterprise Linux Security Update for libu2f-host (SUSE-SU-2021:1755-1)
- 750189 OpenSUSE Security Update for libu2f-host (openSUSE-SU-2021:0799-1)
- 750805 OpenSUSE Security Update for libu2f-host (openSUSE-SU-2021:1755-1)