Denial of Service Vulnerability in Yubico's libykpiv Software
CVE-2020-13132

4.3MEDIUM

Key Information:

Vendor: Yubico
Status: Libykpiv
Vendor: CVE Published:; 9 July 2020

What is CVE-2020-13132?

A vulnerability in Yubico's libykpiv software allows an attacker to exploit inadequate error handling within the ykpiv_util_generate_key() function. This can lead to unexpected behavior, resulting in a denial of service. Users of libykpiv versions prior to 2.1.0 are particularly at risk due to this flaw. For more details, users can refer to the security advisories released by Yubico.

References

https://blog.inhq.net/posts/yubico-libykpiv-vuln/

x_refsource_MISC

https://www.yubico.com/support/security-advisories/ysa-20...

x_refsource_CONFIRM

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 9, 2020
Vulnerability Reserved
May 18, 2020