Candidate: CVE-2020-13132
PublicDate: 2020-07-09 18:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13132
 https://blog.inhq.net/posts/yubico-libykpiv-vuln/
 https://www.yubico.com/support/security-advisories/ysa-2020-02/
Description:
 An issue was discovered in Yubico libykpiv before 2.1.0. An attacker can
 trigger an incorrect free() in the ykpiv_util_generate_key() function in
 lib/util.c through incorrect error handling code. This could be used to
 cause a denial of service attack.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [4.6 MEDIUM]


Patches_yubico-piv-tool:
upstream_yubico-piv-tool: needs-triage
precise/esm_yubico-piv-tool: DNE
trusty_yubico-piv-tool: ignored (out of standard support)
trusty/esm_yubico-piv-tool: DNE
xenial_yubico-piv-tool: ignored (end of standard support, was needs-triage)
bionic_yubico-piv-tool: needs-triage
eoan_yubico-piv-tool: ignored (reached end-of-life)
focal_yubico-piv-tool: needs-triage
groovy_yubico-piv-tool: ignored (reached end-of-life)
hirsute_yubico-piv-tool: not-affected (2.1.1-3)
impish_yubico-piv-tool: not-affected (2.1.1-3)
jammy_yubico-piv-tool: not-affected (2.1.1-3)
devel_yubico-piv-tool: not-affected (2.1.1-3)