CVE-2021-28484
Summary
| CVE | CVE-2021-28484 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2021-04-14 18:15:00 UTC |
|---|
| Updated | 2023-11-07 03:32:00 UTC |
|---|
| Description | An issue was discovered in the /api/connector endpoint handler in Yubico yubihsm-connector before 3.0.1 (in YubiHSM SDK before 2021.04). The handler did not validate the length of the request, which can lead to a state where yubihsm-connector becomes stuck in a loop waiting for the YubiHSM to send it data, preventing any further operations until the yubihsm-connector is restarted. An attacker can send 0, 1, or 2 bytes to trigger this. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| Security Advisory YSA-2021-02 - Yubico |
MISC |
www.yubico.com |
|
| Releases · Yubico/yubihsm-connector · GitHub |
MISC |
github.com |
|
| [SECURITY] Fedora 34 Update: yubihsm-connector-3.0.1-1.fc34 - package-announce - Fedora Mailing-Lists |
FEDORA |
lists.fedoraproject.org |
|
| [SECURITY] Fedora 34 Update: yubihsm-connector-3.0.1-1.fc34 - package-announce - Fedora Mailing-Lists |
|
lists.fedoraproject.org |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 281176 Fedora Security Update for yubihsm (FEDORA-2021-d04010b90e)
