Yubico libu2f-host 1.1.6
Approved changes feed: RSS · Atom
cpe:2.3:a:yubico:libu2f-host:1.1.6:*:*:*:*:*:*:*
part: a version: 1.1.6 update: *
| Vendor | Yubico (f47f12e0-b4db-5ed2-80cf-70347f747b11) |
|---|---|
| Product | Libu2F Host (93f9bd07-1515-5b9a-9ab5-6baf24097b0e) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:deb/debian/libu2f-host |
purl2cpe | 2026-06-01 10:13:15.757492 |
pkg:deb/ubuntu/libu2f-host |
purl2cpe | 2026-06-01 10:13:15.757493 |
pkg:github/yubico/libu2f-host |
purl2cpe | 2026-06-01 10:13:15.757495 |
pkg:rpm/fedora/libu2f-host |
purl2cpe | 2026-06-01 10:13:15.757496 |
pkg:rpm/opensuse/libu2f-host |
purl2cpe | 2026-06-01 10:13:15.757497 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2018-20340 |
vulnerable | 2026-06-03 14:38:38.957992 |
Details available
Yubico libu2f-host 1.1.6 contains unchecked buffers in devs.c, which could enable a malicious token to exploit a buffer overflow. An attacker could use this to attempt to execute malicious code using a crafted USB device masquerading as a security token on a computer where the affected library is currently in use. It is not possible to perform this attack with a genuine YubiKey.
Published: 2019-03-17T20:06:42.000Z
Updated: 2024-08-05T11:58:18.796Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.