A vulnerability in Yubico libu2f-host could allow a local attacker to execute arbitrary code on a targeted system.
The vulnerability is due to insufficient buffer checks by the affected software. An attacker who has physical access to a targeted system could exploit this vulnerability by inserting a custom-made USB device that masquerades as a security key and is designed to submit malicious input into the system. A successful exploit could allow the attacker to execute arbitrary code.
Yubico has confirmed the vulnerability and released software updates.
Security Impact Rating: Medium