CVE-2020-13132

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
09/07/2020
Last modified:
21/07/2021

Description

An issue was discovered in Yubico libykpiv before 2.1.0. An attacker can trigger an incorrect free() in the ykpiv_util_generate_key() function in lib/util.c through incorrect error handling code. This could be used to cause a denial of service attack.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:yubico:libykpiv:*:*:*:*:*:*:*:* 2.1.0 (excluding)
cpe:2.3:a:yubico:piv_tool_manager:*:*:*:*:*:*:*:* 2.0.0 (excluding)
cpe:2.3:a:yubico:yubikey_smart_card_minidriver:*:*:*:*:*:*:*:* 4.1.0.172 (including)