Vulnerabilities > CVE-2021-43399 - Out-of-bounds Write vulnerability in Yubico Yubihsm 2 Software Development KIT

047910
CVSS 7.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
COMPLETE
network
low complexity
yubico
CWE-787

Summary

The Yubico YubiHSM YubiHSM2 library 2021.08, included in the yubihsm-shell project, does not properly validate the length of some operations including SSH signing requests, and some data operations received from a YubiHSM 2 device.

Vulnerable Configurations

Part Description Count
Application
Yubico
1

Common Weakness Enumeration (CWE)