CVE: Common Vulnerabilities and Exposures

Required CVE Record Information

Description

In check_user_token in util.c in the Yubico PAM module (aka pam_yubico) 2.18 through 2.25, successful logins can leak file descriptors to the auth mapping file, which can lead to information disclosure (serial number of a device) and/or DoS (reaching the maximum number of file descriptors).

Product Status

Learn more

Information not provided

References 3 Total

https://bugzilla.opensuse.org/show_bug.cgi?id=1088027
external site
https://github.com/Yubico/yubico-pam/commit/0f6ceabab0a8849b47f67d727aa526c2656089ba
external site
https://github.com/Yubico/yubico-pam/issues/136
external site

Updated: 2024-08-05

This container includes required additional information provided by the CVE Program for this vulnerability.

References 3 Total

https://bugzilla.opensuse.org/show_bug.cgi?id=1088027
external site
x_transferred
https://github.com/Yubico/yubico-pam/commit/0f6ceabab0a8849b47f67d727aa526c2656089ba
external site
x_transferred
https://github.com/Yubico/yubico-pam/issues/136
external site
x_transferred

Common vulnerabilities and Exposures (CVE)

Required CVE Record Information

CNA: MITRE Corporation

Description

Product Status

References 3 Total

CVE Program

References 3 Total