Lucene search
PRIOn knowledge basePRION:CVE-2021-28484HistoryApr 14, 2021 - 6:15 p.m.
Cross site request forgery (csrf)
2021-04-1418:15:00
PRIOn knowledge base
www.prio-n.com
3
0.002 Low
EPSS
Percentile
57.1%
An issue was discovered in the /api/connector endpoint handler in Yubico yubihsm-connector before 3.0.1 (in YubiHSM SDK before 2021.04). The handler did not validate the length of the request, which can lead to a state where yubihsm-connector becomes stuck in a loop waiting for the YubiHSM to send it data, preventing any further operations until the yubihsm-connector is restarted. An attacker can send 0, 1, or 2 bytes to trigger this.
| CPE | Name | Operator | Version |
|---|---|---|---|
| fedora | eq | 34 | |
| yubihsm_connector | lt | 3.0.1 |
Related
osv
osv
Infinite loop in Yubico yubihsm-connector
2022-02-15 01:57:18
CVE-2021-28484
2021-04-14 18:15:14
nvd
nvd
CVE-2021-28484
2021-04-14 18:15:14
yubico
yubico
Security Advisory YSA-2021-02 - Yubico
2021-02-03 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: yubihsm-connector-3.0.1-1.fc34
2021-05-20 01:12:57
gitlab
gitlab
Loop with Unreachable Exit Condition ('Infinite Loop')
2022-02-15 00:00:00
github
github
Infinite loop in Yubico yubihsm-connector
2022-02-15 01:57:18
cvelist
cvelist
CVE-2021-28484
2021-04-14 17:07:26
openvas
openvas
Fedora: Security Advisory for yubihsm-connector (FEDORA-2021-d04010b90e)
2021-05-20 00:00:00
cve
cve
CVE-2021-28484
2021-04-14 18:15:14