Vulnerabilities > CVE-2021-43399 - Out-of-bounds Write vulnerability in Yubico Yubihsm 2 Software Development KIT

CVSS 7.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

network

low complexity

yubico

CWE-787

NVD

Published: 2021-12-08

Updated: 2022-04-04

Summary

The Yubico YubiHSM YubiHSM2 library 2021.08, included in the yubihsm-shell project, does not properly validate the length of some operations including SSH signing requests, and some data operations received from a YubiHSM 2 device.

Vulnerable Configurations

Part	Description	Count
Application	Yubico Yubico Yubihsm 2 Software Development KIT *	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://www.yubico.com/support/security-advisories/ysa-2021-04/
https://blog.inhq.net/posts/yubico-yubihsm-shell-vuln3/