Yubico YubiHSM 2 SDK YubiHSM Shell 2.4.0 Uninitialized Memory Read (YSA-2023-01)

The version of Yubico YubiHSM Shell, a component of YubiHSM 2 SDK, installed on the remote host is 2.4.0. It is, therefore, affected by an uninitlized memory read vulnerability: - The PKCS11 module of the YubiHSM 2 SDK through 2023.01 does not properly validate the length of specific read...

EUVD-2021-13982

Malware in sbrugna...

EUVD-2020-17120

Malware in sbrugna...

EUVD-2020-17119

Malware in sbrugna...

CVE-2021-32489

An issue was discovered in the sendsecuremsg function of Yubico yubihsm-shell through 2.0.3. The function does not correctly validate the embedded length field of an authenticated message received from the device because responsemsg.st.len=8 can be accepted but triggers an integer overflow, which...

CVE-2021-27217

An issue was discovered in the sendsecuremsg function of Yubico yubihsm-shell through 2.0.3. The function does not correctly validate the embedded length field of an authenticated message received from the device. Out-of-bounds reads performed by aesremovepadding can crash the running process,...

yubihsm-shell 缓冲区错误漏洞

yubihsm-shell is a component for individual developers to interact with YubiHSM 2. The component is mostly found in applications that interact with YubiHSM 2 and is geared towards user and program level interaction. A buffer error vulnerability exists in yubihsm-shell where the product does not...

CVE-2021-32489

An issue was discovered in the sendsecuremsg function of Yubico yubihsm-shell through 2.0.3. The function does not correctly validate the embedded length field of an authenticated message received from the device because responsemsg.st.len=8 can be accepted but triggers an integer overflow, which...

CVE-2021-32489

An issue was discovered in the sendsecuremsg function of Yubico yubihsm-shell through 2.0.3. The function does not correctly validate the embedded length field of an authenticated message received from the device because responsemsg.st.len=8 can be accepted but triggers an integer overflow, which...

Integer overflow

An issue was discovered in the sendsecuremsg function of Yubico yubihsm-shell through 2.0.3. The function does not correctly validate the embedded length field of an authenticated message received from the device because responsemsg.st.len=8 can be accepted but triggers an integer overflow, which...

CVE-2021-32489

The CVE-2021-32489 issue affects the Yubico yubihsm-shell up to version 2.0.3, where _send_secure_msg() fails to properly validate the embedded length field of authenticated messages from the device. This can allow an integer overflow (e.g., when response_msg.st.len=8) that causes OpenSSL’s CRYPT...

CVE-2021-32489

An issue was discovered in the sendsecuremsg function of Yubico yubihsm-shell through 2.0.3. The function does not correctly validate the embedded length field of an authenticated message received from the device because responsemsg.st.len=8 can be accepted but triggers an integer overflow, which...

yubihsm-shell 输入验证错误漏洞

yubihsm-shell is a component for individual developers to interact with YubiHSM 2. The component is mostly found in applications that interact with YubiHSM 2 and is geared towards user and program level interaction. A security vulnerability exists in yubihsm-shell version 2.0.3. The vulnerability...

Security Advisory YSA-2021-04 | Yubico

The YubiHSM library that is included in the yubihsm-shell project, does not properly validate the length of some operations including SSH signing requests and some data operations received from the YubiHSM 2...

CVE-2021-27217

An issue was discovered in the sendsecuremsg function of Yubico yubihsm-shell through 2.0.3. The function does not correctly validate the embedded length field of an authenticated message received from the device. Out-of-bounds reads performed by aesremovepadding can crash the running process,...

CVE-2021-27217

An issue was discovered in the sendsecuremsg function of Yubico yubihsm-shell through 2.0.3. The function does not correctly validate the embedded length field of an authenticated message received from the device. Out-of-bounds reads performed by aesremovepadding can crash the running process,...

Out-of-bounds

An issue was discovered in the sendsecuremsg function of Yubico yubihsm-shell through 2.0.3. The function does not correctly validate the embedded length field of an authenticated message received from the device. Out-of-bounds reads performed by aesremovepadding can crash the running process,...

CVE-2021-27217

CVE-2021-27217 affects yubihsm-shell up to version 2.0.3. The _send_secure_msg() function fails to properly validate the embedded length field of an authenticated device message, enabling out-of-bounds reads in aes_remove_padding() that can crash the process and cause a client-side denial of serv...

CVE-2021-27217

An issue was discovered in the sendsecuremsg function of Yubico yubihsm-shell through 2.0.3. The function does not correctly validate the embedded length field of an authenticated message received from the device. Out-of-bounds reads performed by aesremovepadding can crash the running process,...

yubihsm-shell 缓冲区错误漏洞

yubihsm-shell is a component for individual developers to interact with YubiHSM 2. The component is mostly found in applications that interact with YubiHSM 2 and is geared towards user and program level interaction. A security vulnerability exists in Yubico yubihsm-shell through 2.0.3, which can ...