DSA-4389-1 libu2f-host -- libu2f-host | ID: oval:org.secpod.oval:def:53512 | Date: (C)2019-03-29 (M)2023-02-13 |
Class: PATCH | Family: unix |
Christian Reitter discovered that libu2f-host, a library implementing the host side of the U2F protocol, failed to properly check for a buffer overflow. This would allow an attacker with a custom-made malicious USB device masquerading as a security key, and physical access to a computer running PAM U2F or an application that integrates libu2f-host, to potentially execute arbitrary code on that computer.