2019-03-05 17:07:53 -05:00
|
|
|
{
|
2019-03-17 23:09:32 +00:00
|
|
|
"CVE_data_meta": {
|
|
|
|
|
"ASSIGNER": "cve@mitre.org",
|
|
|
|
|
"ID": "CVE-2019-9578",
|
|
|
|
|
"STATE": "PUBLIC"
|
|
|
|
|
},
|
|
|
|
|
"affects": {
|
|
|
|
|
"vendor": {
|
|
|
|
|
"vendor_data": [
|
|
|
|
|
{
|
|
|
|
|
"product": {
|
|
|
|
|
"product_data": [
|
|
|
|
|
{
|
|
|
|
|
"product_name": "n/a",
|
|
|
|
|
"version": {
|
|
|
|
|
"version_data": [
|
|
|
|
|
{
|
|
|
|
|
"version_value": "n/a"
|
|
|
|
|
}
|
|
|
|
|
]
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
]
|
|
|
|
|
},
|
|
|
|
|
"vendor_name": "n/a"
|
|
|
|
|
}
|
|
|
|
|
]
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
"data_format": "MITRE",
|
|
|
|
|
"data_type": "CVE",
|
|
|
|
|
"data_version": "4.0",
|
|
|
|
|
"description": {
|
|
|
|
|
"description_data": [
|
2019-03-05 18:04:40 -05:00
|
|
|
{
|
2019-03-17 23:09:32 +00:00
|
|
|
"lang": "eng",
|
|
|
|
|
"value": "In devs.c in Yubico libu2f-host before 1.1.8, the response to init is misparsed, leaking uninitialized stack memory back to the device."
|
2019-03-05 18:04:40 -05:00
|
|
|
}
|
2019-03-17 23:09:32 +00:00
|
|
|
]
|
|
|
|
|
},
|
|
|
|
|
"problemtype": {
|
|
|
|
|
"problemtype_data": [
|
|
|
|
|
{
|
|
|
|
|
"description": [
|
|
|
|
|
{
|
|
|
|
|
"lang": "eng",
|
|
|
|
|
"value": "n/a"
|
|
|
|
|
}
|
|
|
|
|
]
|
|
|
|
|
}
|
|
|
|
|
]
|
|
|
|
|
},
|
|
|
|
|
"references": {
|
|
|
|
|
"reference_data": [
|
|
|
|
|
{
|
|
|
|
|
"name": "https://developers.yubico.com/libu2f-host/Release_Notes.html",
|
|
|
|
|
"refsource": "MISC",
|
|
|
|
|
"url": "https://developers.yubico.com/libu2f-host/Release_Notes.html"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"name": "https://github.com/Yubico/libu2f-host/commit/e4bb58cc8b6202a421e65f8230217d8ae6e16eb5",
|
|
|
|
|
"refsource": "MISC",
|
|
|
|
|
"url": "https://github.com/Yubico/libu2f-host/commit/e4bb58cc8b6202a421e65f8230217d8ae6e16eb5"
|
2019-04-09 02:00:45 +00:00
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"refsource": "FEDORA",
|
|
|
|
|
"name": "FEDORA-2019-fe6d1fbffa",
|
|
|
|
|
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S4YCFMSNMXZ7XC4U6WXPQA7JCXC6VOAJ/"
|
2019-05-19 12:00:54 +00:00
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"refsource": "FEDORA",
|
|
|
|
|
"name": "FEDORA-2019-4d83e78ad8",
|
|
|
|
|
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GMA4H6AZFYIR3LA5VKKEJZNCCIVMUCFQ/"
|
2019-07-19 12:00:55 +00:00
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"refsource": "SUSE",
|
|
|
|
|
"name": "openSUSE-SU-2019:1708",
|
|
|
|
|
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00012.html"
|
2019-07-19 21:00:51 +00:00
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"refsource": "SUSE",
|
|
|
|
|
"name": "openSUSE-SU-2019:1725",
|
|
|
|
|
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00018.html"
|
2019-12-05 17:01:07 +00:00
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"refsource": "MISC",
|
|
|
|
|
"name": "https://blog.inhq.net/posts/yubico-libu2f-host-vuln-part2/",
|
|
|
|
|
"url": "https://blog.inhq.net/posts/yubico-libu2f-host-vuln-part2/"
|
2020-05-01 02:01:11 +00:00
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"refsource": "GENTOO",
|
|
|
|
|
"name": "GLSA-202004-15",
|
|
|
|
|
"url": "https://security.gentoo.org/glsa/202004-15"
|
2019-03-17 23:09:32 +00:00
|
|
|
}
|
|
|
|
|
]
|
|
|
|
|
}
|
|
|
|
|
}
|
