CVE-2018-20340

Yubico libu2f-host 1.1.6 contains unchecked buffers in devs.c, which could enable a malicious token to exploit a buffer overflow. An attacker could use this to attempt to execute malicious code using a crafted USB device masquerading as a security token on a computer where the affected library is currently in use. It is not possible to perform this attack with a genuine YubiKey.
Configurations

Configuration 1 (hide)

cpe:2.3:a:yubico:libu2f-host:1.1.6:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-03-21 16:00

Updated : 2024-02-04 20:20


NVD link : CVE-2018-20340

Mitre link : CVE-2018-20340

CVE.ORG link : CVE-2018-20340


JSON object : View

Products Affected

yubico

  • libu2f-host

debian

  • debian_linux
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer