Vulnerabilities (CVE)

Filtered by vendor Yubico Subscribe
Filtered by product Libu2f-host
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-9578 1 Yubico 1 Libu2f-host 2024-11-21 5.0 MEDIUM 7.5 HIGH
In devs.c in Yubico libu2f-host before 1.1.8, the response to init is misparsed, leaking uninitialized stack memory back to the device.
CVE-2018-20340 2 Debian, Yubico 2 Debian Linux, Libu2f-host 2024-11-21 4.6 MEDIUM 6.8 MEDIUM
Yubico libu2f-host 1.1.6 contains unchecked buffers in devs.c, which could enable a malicious token to exploit a buffer overflow. An attacker could use this to attempt to execute malicious code using a crafted USB device masquerading as a security token on a computer where the affected library is currently in use. It is not possible to perform this attack with a genuine YubiKey.