suse · CVE-2018-20340

Quick triage

Priority: medium Published: 2021-05-30 14:19:32 UTC Updated: 2025-08-14 02:21:59 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2018-20340 severity moderate: SUSE including 24 source package names (libu2f-host-devel-1.1.10-150600.16.3, libu2f-host-devel-1.1.10-3.9.1, …), 49 product×package rows across 21 product lines (SUSE Linux Enterprise Desktop 12 SP4, SUSE Linux Enterprise High Performance Computing 12 SP5, … (21 product lines)): Fixed 49.

Description:

Yubico libu2f-host 1.1.6 contains unchecked buffers in devs.c, which could enable a malicious token to exploit a buffer overflow. An attacker could use this to attempt to execute malicious code using a crafted USB device masquerading as a security token on a computer where the affected library is currently in use. It is not possible to perform this attack with a genuine YubiKey.

cvelogic Threat Intelligence