29 matches found
EUVD-2020-5407
Malware in sbrugna...
EUVD-2020-5408
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2020-13132
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Yubico libykpiv before 2.1.0. An attacker can trigger an incorrect free in the ykpivutilgeneratekey function in lib/util.c through...
Linux Distros Unpatched Vulnerability : CVE-2020-13131
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Yubico libykpiv before 2.1.0. lib/util.c in this library which is included in yubico-piv-tool does not properly check embedded length...
SUSE CVE-2020-13131
An issue was discovered in Yubico libykpiv before 2.1.0. lib/util.c in this library which is included in yubico-piv-tool does not properly check embedded length fields during device communication. A malicious PIV token can misreport the returned length fields during RSA key generation. This will...
USN-4846-1 yubico-piv-tool vulnerabilities
It was discovered that libykpiv, a supporting library of the Yubico PIV tool and YubiKey PIV Manager, mishandled specially crafted input. An attacker with a custom-made, malicious USB device could potentially execute arbitrary code on a computer running the Yubico PIV Tool or Yubikey PIV Manager...
Yubico libykpiv code issue vulnerability
Yubico libykpiv is a secret key processing library in a YubiKey smart card micro driver from Yubico, Sweden. A security vulnerability exists in the 'yykpivutilgeneratekey' function in the lib/util.c file in Yubico libykpiv versions prior to 2.1.0. The vulnerability stems from improper design or...
Yubico libykpiv Information Disclosure Vulnerability
Yubico libykpiv is a secret key processing library in a YubiKey smart card micro driver from Yubico, Sweden. A security vulnerability exists in the lib/util.c file in Yubico libykpiv versions prior to 2.1.0. The vulnerability stems from an error in configuration or other errors in the operation o...
CVE-2020-13131
An issue was discovered in Yubico libykpiv before 2.1.0. lib/util.c in this library which is included in yubico-piv-tool does not properly check embedded length fields during device communication. A malicious PIV token can misreport the returned length fields during RSA key generation. This will...
CVE-2020-13132
An issue was discovered in Yubico libykpiv before 2.1.0. An attacker can trigger an incorrect free in the ykpivutilgeneratekey function in lib/util.c through incorrect error handling code. This could be used to cause a denial of service attack...
DEBIAN-CVE-2020-13131
An issue was discovered in Yubico libykpiv before 2.1.0. lib/util.c in this library which is included in yubico-piv-tool does not properly check embedded length fields during device communication. A malicious PIV token can misreport the returned length fields during RSA key generation. This will...
CVE-2020-13131
An issue was discovered in Yubico libykpiv before 2.1.0. lib/util.c in this library which is included in yubico-piv-tool does not properly check embedded length fields during device communication. A malicious PIV token can misreport the returned length fields during RSA key generation. This will...
CVE-2020-13132
An issue was discovered in Yubico libykpiv before 2.1.0. An attacker can trigger an incorrect free in the ykpivutilgeneratekey function in lib/util.c through incorrect error handling code. This could be used to cause a denial of service attack...
CVE-2020-13132
An issue was discovered in Yubico libykpiv before 2.1.0. An attacker can trigger an incorrect free in the ykpivutilgeneratekey function in lib/util.c through incorrect error handling code. This could be used to cause a denial of service attack...
Design/Logic Flaw
An issue was discovered in Yubico libykpiv before 2.1.0. An attacker can trigger an incorrect free in the ykpivutilgeneratekey function in lib/util.c through incorrect error handling code. This could be used to cause a denial of service attack...
Heap overflow
An issue was discovered in Yubico libykpiv before 2.1.0. lib/util.c in this library which is included in yubico-piv-tool does not properly check embedded length fields during device communication. A malicious PIV token can misreport the returned length fields during RSA key generation. This will...
CVE-2020-13131
An issue was discovered in Yubico libykpiv before 2.1.0. lib/util.c in this library which is included in yubico-piv-tool does not properly check embedded length fields during device communication. A malicious PIV token can misreport the returned length fields during RSA key generation. This will...
UBUNTU-CVE-2020-13131
An issue was discovered in Yubico libykpiv before 2.1.0. lib/util.c in this library which is included in yubico-piv-tool does not properly check embedded length fields during device communication. A malicious PIV token can misreport the returned length fields during RSA key generation. This will...
CVE-2020-13132
Summary (CVE-2020-13132) : The issue affects Yubico libykpiv prior to 2.1.0. The root cause is an incorrect free() in ykpiv_util_generate_key() within lib/util.c caused by improper error handling, which can be leveraged to cause a denial of service. The vulnerability is mitigated by upgrading to ...
CVE-2020-13132
An issue was discovered in Yubico libykpiv before 2.1.0. An attacker can trigger an incorrect free in the ykpivutilgeneratekey function in lib/util.c through incorrect error handling code. This could be used to cause a denial of service attack...