Yubico libu2f-host Buffer Overflow Vulnerability



A vulnerability in Yubico libu2f-host could allow a local attacker to execute arbitrary code on a targeted system.

The vulnerability is due to insufficient buffer checks by the affected software. An attacker who has physical access to a targeted system could exploit this vulnerability by inserting a custom-made USB device that masquerades as a security key and is designed to submit malicious input into the system. A successful exploit could allow the attacker to execute arbitrary code.

Yubico has confirmed the vulnerability and released software updates.

Security Impact Rating: Medium

CVE: CVE-2018-20340

Source: Cisco Multivendor Vulnerability Alerts