Severity by source
Sources disagree (Medium–Critical)AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
yubiserver before 0.6 is prone to buffer overflows due to misuse of sprintf.
Analysis
yubiserver before 0.6 is prone to buffer overflows due to misuse of sprintf.
Technical ContextAI
A buffer overflow occurs when data written to a buffer exceeds its allocated size, potentially overwriting adjacent memory and corrupting program state. This vulnerability is classified as Classic Buffer Overflow (CWE-120).
RemediationAI
Use memory-safe languages or bounds-checked functions. Enable ASLR, DEP/NX, and stack canaries. Apply vendor patches promptly.
More in Yubiserver
View allSame weakness CWE-120 – Classic Buffer Overflow
View allSame technique Buffer Overflow
View allVendor StatusVendor
Ubuntu
Priority: Medium| Release | Status | Version |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 0.6-3 |
| cosmic | not-affected | 0.6-3 |
| disco | not-affected | 0.6-3 |
| precise | ignored | end of life |
| upstream | released | 0.6-1 |
| utopic | ignored | end of life |
| wily | ignored | end of life |
| xenial | not-affected | 0.6-3 |
| yakkety | ignored | end of life |
| zesty | ignored | end of life |
| trusty | DNE | trusty/esm was DNE [trusty was needed] |
| vivid | ignored | end of life |
Debian
Bug #796495| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bookworm, bullseye | fixed | 0.6-3.1 | - |
| trixie | fixed | 0.6-3.2 | - |
| (unstable) | fixed | 0.6-1 | - |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2015-0855