Detections
Analytics
Yubico YubiHSM 2 SDK YubiHSM Shell 2.4.0 Uninitialized Memory Read (YSA-2023-01)
high Nessus Plugin ID 269987
Language:
Synopsis
The Yubico YubiHSM Shell, a component of YubiHSM 2 SDK, installed on the remote host is affected by an uninitialized memory read vulnability.Description
The version of Yubico YubiHSM Shell, a component of YubiHSM 2 SDK, installed on the remote host is 2.4.0. It is, therefore, affected by an uninitlized memory read vulnerability:- The PKCS11 module of the YubiHSM 2 SDK through 2023.01 does not properly validate the length of specific read operations on object metadata. This may lead to disclosure of uninitialized and previously used memory.
(CVE-2023-39908)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade YubiHSM Shell by installing the latest verison of the YubiHSM 2 SDK.See Also
https://www.yubico.com/support/security-advisories/ysa-2023-01/
Plugin Details
Severity: High
ID: 269987
File Name: yubico_yubihsm_shell_2_4_0.nasl
Version: 1.1
Type: local
Agent: unix
Family: Misc.
Published: 10/10/2025
Updated: 10/10/2025
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: High
Base Score: 7.8
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N
CVSS Score Source: CVE-2023-39908
CVSS v3
Risk Factor: High
Base Score: 7.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Information
CPE: cpe:/a:yubico:yubihsm-shell, cpe:/a:yubico:yubihsm_2_sdk
Required KB Items: installed_sw/Yubico YubiHSM Shell
Patch Publication Date: 8/14/2023
Vulnerability Publication Date: 8/14/2023
Reference Information
CVE: CVE-2023-39908
IAVB: 2025-B-0169