CVE-2021-27217

{"id": "CVE-2021-27217", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.7}]}, "published": "2021-03-04T18:15:14.050", "references": [{"url": "https://blog.inhq.net/posts/yubico-libyubihsm-vuln2", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/Yubico/yubihsm-shell/releases", "tags": ["Release Notes", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.yubico.com/support/security-advisories/ysa-2021-01/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the _send_secure_msg() function of Yubico yubihsm-shell through 2.0.3. The function does not correctly validate the embedded length field of an authenticated message received from the device. Out-of-bounds reads performed by aes_remove_padding() can crash the running process, depending on the memory layout. This could be used by an attacker to cause a client-side denial of service. The yubihsm-shell project is included in the YubiHSM 2 SDK product."}, {"lang": "es", "value": "Se detect\u00f3 un problema en la funci\u00f3n _send_secure_msg() de Yubico yubihsm-shell versiones hasta de 2.0.3. La funci\u00f3n no comprueba correctamente el campo de longitud insertado de un mensaje autenticado recibido del dispositivo. Lecturas fuera de l\u00edmites llevadas a cabo por la funci\u00f3n aes_remove_padding() pueden bloquear el proceso en ejecuci\u00f3n, dependiendo del dise\u00f1o de la memoria. Esto podr\u00eda ser usado por un atacante para conllevar una denegaci\u00f3n de servicio del lado del cliente. El proyecto yubihsm-shell est\u00e1 incluido en el producto YubiHSM 2 SDK"}], "lastModified": "2021-03-26T20:07:43.167", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:yubico:yubihsm-shell:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F7C9BAC-A77B-4333-A29C-4EABAF1B7003", "versionEndIncluding": "2.0.3"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}