Improper Input Validation in YubiHSM2 Library by Yubico
CVE-2021-43399

7.5 HIGH

Key Information:

Vendor: Yubico

CVE Published: 8 December 2021

What is CVE-2021-43399?

The YubiHSM2 library, version 2021.08, part of the yubihsm-shell project, is susceptible to improper input validation. The library fails to validate the length of specific operations, including SSH signing requests and various data operations received from a YubiHSM 2 device. This could lead to unintended behavior, compromising data security and functionality.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
