VYPR
High severityNVD Advisory· Published Apr 14, 2021· Updated Aug 3, 2024

CVE-2021-28484

CVE-2021-28484

Description

An issue was discovered in the /api/connector endpoint handler in Yubico yubihsm-connector before 3.0.1 (in YubiHSM SDK before 2021.04). The handler did not validate the length of the request, which can lead to a state where yubihsm-connector becomes stuck in a loop waiting for the YubiHSM to send it data, preventing any further operations until the yubihsm-connector is restarted. An attacker can send 0, 1, or 2 bytes to trigger this.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/Yubico/yubihsm-connectorGo
< 3.0.13.0.1

Affected products

2

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.