← Back

Libu2f Host

libu2f-host

Vendor: Yubico • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2018-20340
2Debian
Yubico
2Debian Linux
Libu2f Host
Nov 21, 2024
Mar 21, 2019
N/A· v4
6.8 MEDIUM· v3
4.6 MEDIUM· v2
Yubico libu2f-host 1.1.6 contains unchecked buffers in devs.c, which could enable a malicious token to exploit a buffer overflow. An attacker could use this to attempt to execute malicious code using a crafted USB device...Show more
Yubico libu2f-host 1.1.6 contains unchecked buffers in devs.c, which could enable a malicious token to exploit a buffer overflow. An attacker could use this to attempt to execute malicious code using a crafted USB device masquerading as a security token on a computer where the affected library is currently in use. It is not possible to perform this attack with a genuine YubiKey.Show less
CVE-2019-9578
1Yubico
1Libu2f Host
Nov 21, 2024
Mar 5, 2019
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
In devs.c in Yubico libu2f-host before 1.1.8, the response to init is misparsed, leaking uninitialized stack memory back to the device.