First published: Tue Mar 05 2019(Updated: )
In devs.c in Yubico libu2f-host before 1.1.8, the response to init is misparsed, leaking uninitialized stack memory back to the device.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Yubico libu2f-host | <1.1.8 | |
<1.1.8 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-9578 is a vulnerability in Yubico libu2f-host before version 1.1.8 that allows uninitialized stack memory to be leaked back to the device.
CVE-2019-9578 affects Yubico libu2f-host before version 1.1.8.
The severity of CVE-2019-9578 is high with a CVSS score of 7.5.
To fix CVE-2019-9578, update Yubico libu2f-host to version 1.1.8 or later.
You can find more information about CVE-2019-9578 in the following references: [link1](http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00012.html), [link2](http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00018.html), [link3](https://blog.inhq.net/posts/yubico-libu2f-host-vuln-part2/).