View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2018-20340 severity moderate: SUSE including 24 source package names (libu2f-host-devel-1.1.10-150600.16.3, libu2f-host-devel-1.1.10-3.9.1, …), 49 product×package rows across 21 product lines (SUSE Linux Enterprise Desktop 12 SP4, SUSE Linux Enterprise High Performance Computing 12 SP5, … (21 product lines)): Fixed 49.
Yubico libu2f-host 1.1.6 contains unchecked buffers in devs.c, which could enable a malicious token to exploit a buffer overflow. An attacker could use this to attempt to execute malicious code using a crafted USB device masquerading as a security token on a computer where the affected library is currently in use. It is not possible to perform this attack with a genuine YubiKey.