Unrated severity · OSV Advisory · Published Mar 5, 2019 · Updated Aug 4, 2024
CVE-2019-9578
Description
In devs.c in Yubico libu2f-host before 1.1.8, the response to init is misparsed, leaking uninitialized stack memory back to the device.
Affected products (20)
libu2f-host-0.0, libu2f-host-0.0.1, libu2f-host-0.0.2, … + 1 more
- (no CPE) range: libu2f-host-0.0, libu2f-host-0.0.1, libu2f-host-0.0.2, …
- (no CPE) range: <1.1.8
- osv-coords, 18 versions:
  - pkg:rpm/opensuse/libu2f-host&distro=openSUSE%20Leap%2015.0 (no CPE) range: < 1.1.6-lp150.10.1
  - pkg:rpm/opensuse/libu2f-host&distro=openSUSE%20Leap%2015.1 (no CPE) range: < 1.1.6-lp151.2.6.1
  - pkg:rpm/opensuse/libu2f-host&distro=openSUSE%20Leap%2015.2 (no CPE) range: < 1.1.10-lp152.4.3.1
  - pkg:rpm/opensuse/libu2f-host&distro=openSUSE%20Leap%2015.3 (no CPE) range: < 1.1.10-3.9.1
  - pkg:rpm/opensuse/pam_u2f&distro=openSUSE%20Leap%2015.0 (no CPE) range: < 1.0.8-lp150.7.1
  - pkg:rpm/opensuse/pam_u2f&distro=openSUSE%20Leap%2015.1 (no CPE) range: < 1.0.8-lp151.2.3.1
  - pkg:rpm/suse/libu2f-host&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4 (no CPE) range: < 1.1.6-3.5.1
  - pkg:rpm/suse/libu2f-host&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015 (no CPE) range: < 1.1.6-3.6.1
  - pkg:rpm/suse/libu2f-host&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1 (no CPE) range: < 1.1.6-3.6.1
  - pkg:rpm/suse/libu2f-host&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2 (no CPE) range: < 1.1.10-3.9.1
  - pkg:rpm/suse/libu2f-host&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3 (no CPE) range: < 1.1.10-3.9.1
  - pkg:rpm/suse/libu2f-host&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4 (no CPE) range: < 1.1.6-3.5.1
  - pkg:rpm/suse/libu2f-host&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 (no CPE) range: < 1.1.6-3.5.1
  - pkg:rpm/suse/pam_u2f&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4 (no CPE) range: < 1.0.8-3.3.1
  - pkg:rpm/suse/pam_u2f&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015 (no CPE) range: < 1.0.8-3.3.1
  - pkg:rpm/suse/pam_u2f&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1 (no CPE) range: < 1.0.8-3.3.1
  - pkg:rpm/suse/pam_u2f&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4 (no CPE) range: < 1.0.8-3.3.1
  - pkg:rpm/suse/pam_u2f&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 (no CPE) range: < 1.0.8-3.3.1
References (8)
- lists.opensuse.org/opensuse-security-announce/2019-07/msg00012.html (mitre, vendor-advisory, x_refsource_SUSE)
- lists.opensuse.org/opensuse-security-announce/2019-07/msg00018.html (mitre, vendor-advisory, x_refsource_SUSE)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GMA4H6AZFYIR3LA5VKKEJZNCCIVMUCFQ/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S4YCFMSNMXZ7XC4U6WXPQA7JCXC6VOAJ/ (mitre, vendor-advisory, x_refsource_FEDORA)
- security.gentoo.org/glsa/202004-15 (mitre, vendor-advisory, x_refsource_GENTOO)
- blog.inhq.net/posts/yubico-libu2f-host-vuln-part2/ (mitre, x_refsource_MISC)
- developers.yubico.com/libu2f-host/Release_Notes.html (mitre, x_refsource_MISC)
- github.com/Yubico/libu2f-host/commit/e4bb58cc8b6202a421e65f8230217d8ae6e16eb5 (mitre, x_refsource_MISC)