First published: Wed Dec 08 2021(Updated: )
The Yubico YubiHSM YubiHSM2 library 2021.08, included in the yubihsm-shell project, does not properly validate the length of some operations including SSH signing requests, and some data operations received from a YubiHSM 2 device.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Yubico Yubihsm 2 Software Development Kit | <=2021.08 | |
<=2021.08 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2021-43399.
The severity of CVE-2021-43399 is high with a CVSS score of 7.5.
The affected software for CVE-2021-43399 is Yubico Yubihsm 2 Software Development Kit version 2021.08.
The CWE ID for CVE-2021-43399 is CWE-787.
To fix CVE-2021-43399, it is recommended to update to a patched version of the Yubico YubiHSM YubiHSM2 library and follow any provided instructions from Yubico.