CVE-2020-24388
CVE-2020-24388 affects yubihsm-shell up to 2.0.2. The _send_secure_msg() function does not validate the embedded length field of a message from the device, enabling an oversized memcpy() that can crash the process and cause a denial of service. Public references in NVD, OSV, and YubiHSM disclosur...