CVE-2020-24387
CVE-2020-24387 affects yubihsm-shell up to version 2.0.2, where yh_create_session() does not validate the device session id, allowing an invalid session id to cause out-of-bounds reads/writes in the session array and potential DoS. Public details modestly describe the impact as a denial of servic...