Lucene search
Https://gitlab.com/gitlab-org/security-products/gemnasium-dbGITLAB-F2CF34C79ED746108B7791713523D760HistoryFeb 15, 2022 - 12:00 a.m.
Loop with Unreachable Exit Condition ('Infinite Loop')
2022-02-1500:00:00
https://gitlab.com/gitlab-org/security-products/gemnasium-db
gitlab.com
7
0.002 Low
EPSS
Percentile
57.1%
An issue was discovered in the /api/connector endpoint handler in Yubico yubihsm-connector before 3.0.1 (in YubiHSM SDK before 2021.04). The handler does not validate the length of the request, which can lead to a state where yubihsm-connector becomes stuck in a loop waiting for the YubiHSM to send it data, preventing any further operations until the yubihsm-connector is restarted. An attacker can send 0, 1, or 2 bytes to trigger this.
| CPE | Name | Operator | Version |
|---|---|---|---|
| go/github.com/yubico/yubihsm-connector | lt | v3.0.1 |
Related
osv
osv
Infinite loop in Yubico yubihsm-connector
2022-02-15 01:57:18
CVE-2021-28484
2021-04-14 18:15:14
nvd
nvd
CVE-2021-28484
2021-04-14 18:15:14
yubico
yubico
Security Advisory YSA-2021-02 - Yubico
2021-02-03 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: yubihsm-connector-3.0.1-1.fc34
2021-05-20 01:12:57
github
github
Infinite loop in Yubico yubihsm-connector
2022-02-15 01:57:18
openvas
openvas
Fedora: Security Advisory for yubihsm-connector (FEDORA-2021-d04010b90e)
2021-05-20 00:00:00
prion
prion
Cross site request forgery (csrf)
2021-04-14 18:15:00
cvelist
cvelist
CVE-2021-28484
2021-04-14 17:07:26
cve
cve
CVE-2021-28484
2021-04-14 18:15:14