Yubico libu2f-host 1.1.6 contains unchecked buffers in devs.c, which could enable a malicious token to exploit a buffer overflow. An attacker could use this to attempt to execute malicious code using a crafted USB device masquerading as a security token on a computer where the affected library is currently in use. It is not possible to perform this attack with a genuine YubiKey.
CPE name | Operator | Version
---|---|---
debian_linux | eq | 9.0
libu2f-host | eq | 1.1.6