Yubico Yubihsm Shell


By the Year

In 2024 there have been 0 vulnerabilities in Yubico Yubihsm Shell. Yubihsm Shell did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 0 0.00
2022 0 0.00
2021 2 4.40
2020 2 7.50
2019 0 0.00
2018 0 0.00

It may take a day or so for new Yubihsm Shell vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Yubico Yubihsm Shell Security Vulnerabilities

An issue was discovered in the _send_secure_msg() function of Yubico yubihsm-shell through 2.0.3

CVE-2021-32489 4.4 - Medium - May 10, 2021

An issue was discovered in the _send_secure_msg() function of Yubico yubihsm-shell through 2.0.3. The function does not correctly validate the embedded length field of an authenticated message received from the device because response_msg.st.len=8 can be accepted but triggers an integer overflow, which causes CRYPTO_cbc128_decrypt (in OpenSSL) to encounter an undersized buffer and experience a segmentation fault. The yubihsm-shell project is included in the YubiHSM 2 SDK product.

Integer Overflow or Wraparound

An issue was discovered in the _send_secure_msg() function of Yubico yubihsm-shell through 2.0.3

CVE-2021-27217 4.4 - Medium - March 04, 2021

An issue was discovered in the _send_secure_msg() function of Yubico yubihsm-shell through 2.0.3. The function does not correctly validate the embedded length field of an authenticated message received from the device. Out-of-bounds reads performed by aes_remove_padding() can crash the running process, depending on the memory layout. This could be used by an attacker to cause a client-side denial of service. The yubihsm-shell project is included in the YubiHSM 2 SDK product.

Out-of-bounds Read

An issue was discovered in the yh_create_session() function of yubihsm-shell through 2.0.2

CVE-2020-24387 7.5 - High - October 19, 2020

An issue was discovered in the yh_create_session() function of yubihsm-shell through 2.0.2. The function does not explicitly check the returned session id from the device. An invalid session id would lead to out-of-bounds read and write operations in the session array. This could be used by an attacker to cause a denial of service attack.

Insufficient Session Expiration

An issue was discovered in the _send_secure_msg() function of yubihsm-shell through 2.0.2

CVE-2020-24388 7.5 - High - October 19, 2020

An issue was discovered in the _send_secure_msg() function of yubihsm-shell through 2.0.2. The function does not validate the embedded length field of a message received from the device. This could lead to an oversized memcpy() call that will crash the running process. This could be used by an attacker to cause a denial of service.

Improper Input Validation
