How severe is CVE-2020-13131?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.3 out of 10.

What type of vulnerability is CVE-2020-13131?

This is classified as CWE-125, which is a common weakness in software security.

CVE-2020-13131

MEDIUM Year: 2020

CVSS v3 Score

4.3

Medium

CVSS v2 Score

1.9

Low

Weakness Type

CWE-125

View all →

Vulnerability Description

An issue was discovered in Yubico libykpiv before 2.1.0. lib/util.c in this library (which is included in yubico-piv-tool) does not properly check embedded length fields during device communication. A malicious PIV token can misreport the returned length fields during RSA key generation. This will cause stack memory to be copied into heap allocated memory that gets returned to the caller. The leaked memory could include PINs, passwords, key material, and other sensitive information depending on the integration. During further processing by the caller, this information could leak across trust boundaries. Note that RSA key generation is triggered by the host and cannot directly be triggered by the token.

CVE-2016-10208

MEDIUM

CVSS:4.3(Medium)

The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.9.8 does not properly validate meta block groups, which allows physically proximate attackers to cause a denial of service...

CWE-1252016

CVE-2017-17182

MEDIUM

CVSS:4.3(Medium)

Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R...

CWE-1252017

CVE-2017-17185

MEDIUM

CVSS:4.3(Medium)

CWE-1252017

CVE-2017-17281

MEDIUM

CVSS:4.3(Medium)

SFTP module in Huawei DP300 V500R002C00; RP200 V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V60...

CWE-1252017

CVE-2018-16427

MEDIUM

CVSS:4.3(Medium)

Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs.

CWE-1252018

CVE-2018-16866

MEDIUM

CVSS:4.3(Medium)

An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions...

CWE-1252018

CVE-2020-13131

Vulnerability Description

Related Vulnerabilities

CVE-2016-10208

CVE-2017-17182

CVE-2017-17185

CVE-2017-17281

CVE-2018-16427

CVE-2018-16866