Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2021-27217
Analyzed
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-04 Mar, 2021 | 18:15
Updated At-26 Mar, 2021 | 20:07

An issue was discovered in the _send_secure_msg() function of Yubico yubihsm-shell through 2.0.3. The function does not correctly validate the embedded length field of an authenticated message received from the device. Out-of-bounds reads performed by aes_remove_padding() can crash the running process, depending on the memory layout. This could be used by an attacker to cause a client-side denial of service. The yubihsm-shell project is included in the YubiHSM 2 SDK product.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.14.4MEDIUM
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
Primary2.03.5LOW
AV:N/AC:M/Au:S/C:N/I:N/A:P
CPE Matches
yubico
yubico
>>yubihsm-shell>>Versions up to 2.0.3(inclusive)
cpe:2.3:a:yubico:yubihsm-shell:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-125Primarynvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://blog.inhq.net/posts/yubico-libyubihsm-vuln2cve@mitre.org
Exploit
Third Party Advisory
https://github.com/Yubico/yubihsm-shell/releasescve@mitre.org
Release Notes
Third Party Advisory
https://www.yubico.com/support/security-advisories/ysa-2021-01/cve@mitre.org
Vendor Advisory
Change History
0Changes found
Details not found