3 matches found
CVE-2021-32489
An issue was discovered in the sendsecuremsg function of Yubico yubihsm-shell through 2.0.3. The function does not correctly validate the embedded length field of an authenticated message received from the device because responsemsg.st.len=8 can be accepted but triggers an integer overflow, which...
CVE-2021-32489
An issue was discovered in the sendsecuremsg function of Yubico yubihsm-shell through 2.0.3. The function does not correctly validate the embedded length field of an authenticated message received from the device because responsemsg.st.len=8 can be accepted but triggers an integer overflow, which...
CVE-2021-32489
The CVE-2021-32489 issue affects the Yubico yubihsm-shell up to version 2.0.3, where _send_secure_msg() fails to properly validate the embedded length field of authenticated messages from the device. This can allow an integer overflow (e.g., when response_msg.st.len=8) that causes OpenSSL’s CRYPT...