Candidate: CVE-2019-9578
PublicDate: 2019-03-05 23:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9578
 https://developers.yubico.com/libu2f-host/Release_Notes.html
 https://github.com/Yubico/libu2f-host/commit/e4bb58cc8b6202a421e65f8230217d8ae6e16eb5
Description:
 In devs.c in Yubico libu2f-host before 1.1.8, the response to init is
 misparsed, leaking uninitialized stack memory back to the device.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]


Patches_libu2f-host:
upstream_libu2f-host: needs-triage
precise/esm_libu2f-host: DNE
trusty_libu2f-host: DNE
trusty/esm_libu2f-host: DNE
xenial_libu2f-host: ignored (end of standard support, was needed)
bionic_libu2f-host: needed
cosmic_libu2f-host: ignored (reached end-of-life)
disco_libu2f-host: released (1.1.9-1)
eoan_libu2f-host: not-affected (1.1.9-1)
focal_libu2f-host: not-affected (1.1.9-1)
groovy_libu2f-host: not-affected (1.1.9-1)
hirsute_libu2f-host: not-affected (1.1.9-1)
impish_libu2f-host: not-affected (1.1.9-1)
jammy_libu2f-host: not-affected (1.1.9-1)
devel_libu2f-host: not-affected (1.1.9-1)