29 matches found
EUVD-2020-5408
Malware in sbrugna...
EUVD-2020-5407
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2020-13131
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Yubico libykpiv before 2.1.0. lib/util.c in this library which is included in yubico-piv-tool does not properly check embedded length...
Linux Distros Unpatched Vulnerability : CVE-2020-13132
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Yubico libykpiv before 2.1.0. An attacker can trigger an incorrect free in the ykpivutilgeneratekey function in lib/util.c through...
SUSE CVE-2020-13131
An issue was discovered in Yubico libykpiv before 2.1.0. lib/util.c in this library which is included in yubico-piv-tool does not properly check embedded length fields during device communication. A malicious PIV token can misreport the returned length fields during RSA key generation. This will...
USN-4846-1 yubico-piv-tool vulnerabilities
It was discovered that libykpiv, a supporting library of the Yubico PIV tool and YubiKey PIV Manager, mishandled specially crafted input. An attacker with a custom-made, malicious USB device could potentially execute arbitrary code on a computer running the Yubico PIV Tool or Yubikey PIV Manager...
Yubico libykpiv Information Disclosure Vulnerability
Yubico libykpiv is a secret key processing library in a YubiKey smart card micro driver from Yubico, Sweden. A security vulnerability exists in the lib/util.c file in Yubico libykpiv versions prior to 2.1.0. The vulnerability stems from an error in configuration or other errors in the operation o...
Yubico libykpiv code issue vulnerability
Yubico libykpiv is a secret key processing library in a YubiKey smart card micro driver from Yubico, Sweden. A security vulnerability exists in the 'yykpivutilgeneratekey' function in the lib/util.c file in Yubico libykpiv versions prior to 2.1.0. The vulnerability stems from improper design or...
CVE-2020-13131
An issue was discovered in Yubico libykpiv before 2.1.0. lib/util.c in this library which is included in yubico-piv-tool does not properly check embedded length fields during device communication. A malicious PIV token can misreport the returned length fields during RSA key generation. This will...
CVE-2020-13131
An issue was discovered in Yubico libykpiv before 2.1.0. lib/util.c in this library which is included in yubico-piv-tool does not properly check embedded length fields during device communication. A malicious PIV token can misreport the returned length fields during RSA key generation. This will...
DEBIAN-CVE-2020-13131
An issue was discovered in Yubico libykpiv before 2.1.0. lib/util.c in this library which is included in yubico-piv-tool does not properly check embedded length fields during device communication. A malicious PIV token can misreport the returned length fields during RSA key generation. This will...
CVE-2020-13132
An issue was discovered in Yubico libykpiv before 2.1.0. An attacker can trigger an incorrect free in the ykpivutilgeneratekey function in lib/util.c through incorrect error handling code. This could be used to cause a denial of service attack...
CVE-2020-13132
An issue was discovered in Yubico libykpiv before 2.1.0. An attacker can trigger an incorrect free in the ykpivutilgeneratekey function in lib/util.c through incorrect error handling code. This could be used to cause a denial of service attack...
Heap overflow
An issue was discovered in Yubico libykpiv before 2.1.0. lib/util.c in this library which is included in yubico-piv-tool does not properly check embedded length fields during device communication. A malicious PIV token can misreport the returned length fields during RSA key generation. This will...
Design/Logic Flaw
An issue was discovered in Yubico libykpiv before 2.1.0. An attacker can trigger an incorrect free in the ykpivutilgeneratekey function in lib/util.c through incorrect error handling code. This could be used to cause a denial of service attack...
CVE-2020-13132
An issue was discovered in Yubico libykpiv before 2.1.0. An attacker can trigger an incorrect free in the ykpivutilgeneratekey function in lib/util.c through incorrect error handling code. This could be used to cause a denial of service attack...
UBUNTU-CVE-2020-13131
An issue was discovered in Yubico libykpiv before 2.1.0. lib/util.c in this library which is included in yubico-piv-tool does not properly check embedded length fields during device communication. A malicious PIV token can misreport the returned length fields during RSA key generation. This will...
CVE-2020-13131
An issue was discovered in Yubico libykpiv before 2.1.0. lib/util.c in this library which is included in yubico-piv-tool does not properly check embedded length fields during device communication. A malicious PIV token can misreport the returned length fields during RSA key generation. This will...
CVE-2020-13132
An issue was discovered in Yubico libykpiv before 2.1.0. An attacker can trigger an incorrect free in the ykpivutilgeneratekey function in lib/util.c through incorrect error handling code. This could be used to cause a denial of service attack...
CVE-2020-13132
Summary (CVE-2020-13132) : The issue affects Yubico libykpiv prior to 2.1.0. The root cause is an incorrect free() in ykpiv_util_generate_key() within lib/util.c caused by improper error handling, which can be leveraged to cause a denial of service. The vulnerability is mitigated by upgrading to ...