Denial Of Service (DoS)

2021-12-1100:45:49

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

48.6%

JSON

libyubihsm.so is vulnerable to denial of service (DoS). The vulnerability exists due to a boundary error in the yh_com_sign_ssh_certificate function, allowing an attacker to cause an application crash by passing specially crafted input using certify command or the -a sign-ssh-certificate.

CPENameOperatorVersion
libyubihsm.soeq2.2.0
libyubihsm.soeq2.2.0

CPE	Name	Operator	Version
	libyubihsm.so	eq	2.2.0
	libyubihsm.so	eq	2.2.0

References

blog.inhq.net/posts/yubico-yubihsm-shell-vuln3/

github.com/Yubico/yubihsm-shell/commit/e4ddbe93390529632cd338b7f6994a5f7df9b86d

www.yubico.com/support/security-advisories/ysa-2021-04/

0.001 Low

EPSS

Percentile

48.6%

JSON

Related for VERACODE:33248