First published: Mon Aug 14 2023
The PKCS11 module of the YubiHSM 2 SDK through 2023.01 does not properly validate the length of specific read operations on object metadata. This may lead to disclosure of uninitialized and previously used memory.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Yubico YubiHSM 2 SDK | <2023.08 | |
The vulnerability ID for this vulnerability is CVE-2023-39908.
The severity of CVE-2023-39908 is high with a severity value of 7.5.
The affected software is Yubico YubiHSM 2 SDK, versions up to and excluding 2023.08.
CVE-2023-39908 is a vulnerability in the PKCS11 module of the YubiHSM 2 SDK which allows for the disclosure of uninitialized and previously used memory due to improper validation of the length of read operations on object metadata.
Yes, you can find more information about CVE-2023-39908 in the following references:
- https://blog.inhq.net/posts/yubico-yubihsm-pkcs-vuln/
- https://www.yubico.com/support/security-advisories/ysa-2023-01/