Linux Distros Unpatched Vulnerability : CVE-2020-13131

🗓️ 30 Aug 2025 00:00:00Reported by TenableType

Unpatched Linux/Unix hosts with Yubico libykpiv before 2.1.0 may leak memory during RSA keygen.

Reporter	Title	Published	Views	Family All 11
CNVD	Yubico libykpiv Information Disclosure Vulnerability	12 Jul 202000:00	–	cnvd
CVE	CVE-2020-13131	9 Jul 202017:50	–	cve
Cvelist	CVE-2020-13131	9 Jul 202017:50	–	cvelist
Debian CVE	CVE-2020-13131	9 Jul 202017:50	–	debiancve
EUVD	EUVD-2020-5407	7 Oct 202500:30	–	euvd
NVD	CVE-2020-13131	9 Jul 202018:15	–	nvd
OSV	DEBIAN-CVE-2020-13131	9 Jul 202018:15	–	osv
OSV	UBUNTU-CVE-2020-13131	9 Jul 202018:15	–	osv
Prion	Heap overflow	9 Jul 202018:15	–	prion
SUSE CVE	SUSE CVE-2020-13131	15 Feb 202303:58	–	susecve

Source	Link
ubuntu	www.ubuntu.com/security/CVE-2020-13131
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(259497);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/08/30");

  script_cve_id("CVE-2020-13131");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2020-13131");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.

  - An issue was discovered in Yubico libykpiv before 2.1.0. lib/util.c in this library (which is included in
    yubico-piv-tool) does not properly check embedded length fields during device communication. A malicious
    PIV token can misreport the returned length fields during RSA key generation. This will cause stack memory
    to be copied into heap allocated memory that gets returned to the caller. The leaked memory could include
    PINs, passwords, key material, and other sensitive information depending on the integration. During
    further processing by the caller, this information could leak across trust boundaries. Note that RSA key
    generation is triggered by the host and cannot directly be triggered by the token. (CVE-2020-13131)

Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/CVE-2020-13131");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-13131");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/07/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/08/30");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:20.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:yubico-piv-tool");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl", "set_linux_os_id.nasl");
  script_require_keys("Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched", "Host/OS/identifier");
  script_require_ports("Host/OS/Ubuntu Linux-16.04", "Host/OS/Ubuntu Linux-18.04", "Host/OS/Ubuntu Linux-20.04");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/Debian/dpkg-l"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "Ubuntu Linux-16.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "16.04",
        "pkgs": [
          {"reference": "yubico-piv-tool"}
        ]
      }
    ]
  },
  "Ubuntu Linux-18.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "18.04",
        "pkgs": [
          {"reference": "yubico-piv-tool"}
        ]
      }
    ]
  },
  "Ubuntu Linux-20.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "20.04",
        "pkgs": [
          {"reference": "yubico-piv-tool"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (!empty_or_null(report))
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}

30 Aug 2025 00:00Current

5.1Medium risk

Vulners AI Score5.1

CVSS 21.9

CVSS 3.14.3

CVSS 34.3

EPSS0.0007