CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-28484

An issue was discovered in the /api/connector endpoint handler in Yubico yubihsm-connector before 3.0.1 (in YubiHSM SDK before 2021.04). The handler did not validate the length of the request, which can lead to a state where yubihsm-connector becomes stuck in a loop waiting for the YubiHSM to send it data, preventing any further operations until the yubihsm-connector is restarted. An attacker can send 0, 1, or 2 bytes to trigger this.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 67.3%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

Products affected by CVE-2021-28484

Yubico » Yubihsm Connector » Version: N/A

cpe:2.3:a:yubico:yubihsm_connector:-
Yubico » Yubihsm Connector » Version: 2.0.0

cpe:2.3:a:yubico:yubihsm_connector:2.0.0
Yubico » Yubihsm Connector » Version: 2.1.0

cpe:2.3:a:yubico:yubihsm_connector:2.1.0
Yubico » Yubihsm Connector » Version: 2.2.0

cpe:2.3:a:yubico:yubihsm_connector:2.2.0
Yubico » Yubihsm Connector » Version: 3.0.0

cpe:2.3:a:yubico:yubihsm_connector:3.0.0
Fedoraproject » Fedora » Version: 34

cpe:2.3:o:fedoraproject:fedora:34

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-28484

Products

Pricing

Contact Us