Lucene search
GoogleOSV:CVE-2020-24387HistoryOct 19, 2020 - 8:15 p.m.
CVE-2020-24387
2020-10-1920:15:12
Google
osv.dev
4
An issue was discovered in the yh_create_session() function of yubihsm-shell through 2.0.2. The function does not explicitly check the returned session id from the device. An invalid session id would lead to out-of-bounds read and write operations in the session array. This could be used by an attacker to cause a denial of service attack.
| CPE | Name | Operator | Version |
|---|---|---|---|
| yubihsm-shell | eq | 2.0.0 | |
| yubihsm-shell | eq | 2.0.1 | |
| yubihsm-shell | eq | 2.0.2 |
Related
prion
prion
Design/Logic Flaw
2020-10-19 20:15:00
nvd
nvd
CVE-2020-24387
2020-10-19 20:15:12
cvelist
cvelist
CVE-2020-24387
2020-10-19 19:39:23
cve
cve
CVE-2020-24387
2020-10-19 20:15:12
nessus
nessus
Fedora 33 : yubihsm-shell (2020-8afd443d46)
2020-10-29 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: yubihsm-shell-2.0.3-1.fc33
2020-10-29 01:09:06
openvas
openvas
Fedora: Security Advisory for yubihsm-shell (FEDORA-2020-8afd443d46)
2020-10-29 00:00:00
yubico
yubico
Security Advisory YSA-2020-06 - Yubico
2020-06-02 00:00:00