CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-43399

The Yubico YubiHSM YubiHSM2 library 2021.08, included in the yubihsm-shell project, does not properly validate the length of some operations including SSH signing requests, and some data operations received from a YubiHSM 2 device.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 57.9%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 7.8

References

https://blog.inhq.net/posts/yubico-yubihsm-shell-vuln3/
https://www.yubico.com/support/security-advisories/ysa-2021-04/
https://blog.inhq.net/posts/yubico-yubihsm-shell-vuln3/
https://www.yubico.com/support/security-advisories/ysa-2021-04/

Products affected by CVE-2021-43399

Yubico » Yubihsm 2 Software Development Kit » Version: Any

cpe:2.3:a:yubico:yubihsm_2_software_development_kit:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-43399

Products

Pricing

Contact Us