Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-9578 | 1 Yubico | 1 Libu2f-host | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
In devs.c in Yubico libu2f-host before 1.1.8, the response to init is misparsed, leaking uninitialized stack memory back to the device. | |||||
CVE-2018-20340 | 2 Debian, Yubico | 2 Debian Linux, Libu2f-host | 2024-11-21 | 4.6 MEDIUM | 6.8 MEDIUM |
Yubico libu2f-host 1.1.6 contains unchecked buffers in devs.c, which could enable a malicious token to exploit a buffer overflow. An attacker could use this to attempt to execute malicious code using a crafted USB device masquerading as a security token on a computer where the affected library is currently in use. It is not possible to perform this attack with a genuine YubiKey. |