Information leak via U2F #26

tsusanka · 2022-10-07T13:12:10Z

tsusanka
Oct 7, 2022
Maintainer

Impact: Information leak
Scalability: Remote (Unlocked)
Severity: Low
Fixed in: Firmware 1.7.2
Reported by: Christian Reitter
Date reported: 2018-11-26

Details

The C/C++ reference implementation for U2F by Yubico contains broken definition of a struct which can leak bytes from RAM via USB. The bug was fixed by updating the structure definition to a new correct one.

Fix

trezor/trezor-firmware@0b26c52

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Trezor

Information leak via U2F #26

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Replies: 0 comments

Select a reply

Uh oh!

Trezor

Information leak via U2F #26

Uh oh!

Uh oh!

tsusanka Oct 7, 2022 Maintainer

Details

Fix

Read more

Replies: 0 comments

tsusanka
Oct 7, 2022
Maintainer