Yubico libu2f-host devs.c Memory Leak Denial of Service Vulnerability

By GIXnews


A vulnerability in Yubico libu2f-host could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.

The vulnerability exists in the devs.c source code file of the affected software and is due to improper parsing of the response to the initialization (init) daemon. An attacker could exploit this vulnerability by sending a request that submits malicious input to the targeted system. A successful exploit could cause an uninitialized stack memory leak, resulting in a DoS condition.
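A defensive pattern for this class of parsing bug, shown as an added example (not Yubico's code and not the actual patch): accept a fixed-size init response only when its length matches exactly, and zero the output before parsing so a rejected reply never exposes stale stack bytes. The 17-byte field layout is assumed from the FIDO U2F HID specification; all function, type and constant names are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed wire layout: nonce(8) cid(4) version(1) major(1) minor(1) build(1) caps(1) */
#define NONCE_LEN 8
#define INIT_RESP_LEN 17
enum { PARSE_OK = 0, PARSE_BAD_ARG = -1, PARSE_BAD_SIZE = -2, PARSE_BAD_NONCE = -3 };

struct init_resp {
    uint8_t nonce[NONCE_LEN];
    uint32_t cid;
    uint8_t version, major, minor, build, caps;
};

/* Hypothetical helper: parse field by field, only from a reply of the exact size. */
int parse_init_resp(const uint8_t *buf, size_t len,
                    const uint8_t *sent_nonce, struct init_resp *out)
{
    if (!buf || !sent_nonce || !out)
        return PARSE_BAD_ARG;
    memset(out, 0, sizeof *out);        /* caller never sees stale stack bytes */
    if (len != INIT_RESP_LEN)           /* short or long reply: reject, do not guess */
        return PARSE_BAD_SIZE;
    if (memcmp(buf, sent_nonce, NONCE_LEN) != 0)
        return PARSE_BAD_NONCE;         /* reply does not answer our request */
    memcpy(out->nonce, buf, NONCE_LEN);
    out->cid = (uint32_t)buf[8] << 24 | (uint32_t)buf[9] << 16 |
               (uint32_t)buf[10] << 8 | (uint32_t)buf[11]; /* byte order: example's choice */
    out->version = buf[12];
    out->major = buf[13];
    out->minor = buf[14];
    out->build = buf[15];
    out->caps = buf[16];
    return PARSE_OK;
}

/* Constructed sample data, not captured from a real device. */
static const uint8_t SAMPLE_NONCE[NONCE_LEN] = {1, 2, 3, 4, 5, 6, 7, 8};
static const uint8_t SAMPLE_RESP[INIT_RESP_LEN] = {
    1, 2, 3, 4, 5, 6, 7, 8, 0xde, 0xad, 0xbe, 0xef, 2, 1, 1, 8, 0x01};

/* Pre-fill the output with 0xAA to stand in for stale memory, then parse `len` bytes. */
struct init_resp demo_out;
int demo_status(size_t len)
{
    memset(&demo_out, 0xAA, sizeof demo_out);
    return parse_init_resp(SAMPLE_RESP, len, SAMPLE_NONCE, &demo_out);
}
```

A truncated reply is rejected with `PARSE_BAD_SIZE` and leaves every output field zeroed, so later code that uses the channel ID cannot pick up leftover memory contents.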

Yubico has confirmed the vulnerability and released software updates.

Security Impact Rating: High

CVE: CVE-2019-9578

Source: Cisco Multivendor Vulnerability Alerts