Security advisory YSA-2020-02, YSA-2020-03 | Yubico | YubiKey
The libykpiv library, included in the Yubico PIV Tool project and the YubiKey Smart Card Minidriver, does not properly check embedded length fields during device communication. A maliciously-crafted PIV token could possibly misreport the returned length fields during RSA key generation. This coul...