CVSS2: 4.6 Medium (AV:L/AC:L/Au:N/C:P/I:P/A:P)

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

CVSS3: 6.8 Medium (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Metric | Value |
---|---|
Attack Vector | PHYSICAL |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

EPSS: 0.002 Low (Percentile: 56.7%)

Severity: High
Date : 2019-02-11
CVE-ID : CVE-2018-20340
Package : libu2f-host
Type : arbitrary code execution
Remote : No
Link : https://security.archlinux.org/AVG-884
The package libu2f-host before version 1.1.7-1 is vulnerable to
arbitrary code execution.
Upgrade to 1.1.7-1.
The problem has been fixed upstream in version 1.1.7.
Workaround: None.
The Yubico library libu2f-host prior to version 1.1.7 contains an
unchecked buffer, which could allow a buffer overflow. libu2f-host is a
library that implements the host party of the U2F protocol. This issue
can allow an attacker with a custom-made malicious USB device
masquerading as a security key, and physical access to a computer where
PAM U2F or an application with libu2f-host integrated is installed, to
potentially execute arbitrary code on that computer. Users of the
YubiKey PAM U2F Tool are the most impacted, since the arbitrary code
could execute with elevated privileges.
A malicious USB device can execute arbitrary code on the host.
https://www.yubico.com/support/security-advisories/ysa-2019-01/
https://security.archlinux.org/CVE-2018-20340
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ArchLinux | any | any | libu2f-host | < 1.1.7-1 | UNKNOWN |
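
A host triage check for the fix and exposure described above, as an added example that is not part of the advisory or of Yubico's code. It assumes an Arch host with `pacman`, PAM service files under `/etc/pam.d`, and the module file name `pam_u2f.so`; the function names are illustrative.

```bash
#!/usr/bin/env bash
# Added triage example, not part of the advisory: is this Arch host exposed?
FIXED="1.1.7-1"   # first fixed libu2f-host package version, per the advisory

# Return 0 if package version $1 is older than $FIXED.
# Uses pacman's vercmp when present; otherwise falls back to GNU `sort -V`,
# which is adequate for epoch-less versions such as 1.1.6-1.
is_affected() {
    local v="$1"
    if command -v vercmp >/dev/null 2>&1; then
        [ "$(vercmp "$v" "$FIXED")" -lt 0 ]
    else
        [ "$v" != "$FIXED" ] &&
            [ "$(printf '%s\n%s\n' "$v" "$FIXED" | sort -V | head -n1)" = "$v" ]
    fi
}

# List PAM service files under $1 (default /etc/pam.d) that load pam_u2f.so
# on a non-comment line. Returns non-zero when no file does.
pam_u2f_services() {
    local dir="${1:-/etc/pam.d}"
    grep -rlE '^[[:space:]]*[^#[:space:]].*pam_u2f\.so' "$dir" 2>/dev/null
}

# Report on the local host; prints a note and returns 0 when pacman is absent.
report() {
    local v
    if ! command -v pacman >/dev/null 2>&1; then
        echo "pacman not found; skipping package check"
        return 0
    fi
    v=$(pacman -Q libu2f-host 2>/dev/null | awk '{print $2}')
    if [ -z "$v" ]; then
        echo "libu2f-host is not installed"
    elif is_affected "$v"; then
        echo "libu2f-host $v is affected; upgrade to $FIXED or later"
        # PAM runs with elevated privileges, so these services matter most.
        pam_u2f_services | sed 's/^/  loads pam_u2f.so: /'
    else
        echo "libu2f-host $v is not affected"
    fi
    return 0
}

report
```

Applications that bundle or statically link their own copy of libu2f-host are not covered by the package check and need to be reviewed separately.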