CVE-2021-40818

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-40818

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-40818.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-40818

Downstream

DEBIAN-CVE-2021-40818

UBUNTU-CVE-2021-40818

Published

2021-09-08T22:15:11Z

Modified

2025-10-21T06:34:16.714483Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

scheme/webauthn.c in Glewlwyd SSO server through 2.5.3 has a buffer overflow during FIDO2 signature validation in webauthn registration.

References

Affected packages

Git / github.com/babelouest/glewlwyd

Affected ranges

Type: GIT
Repo: https://github.com/babelouest/glewlwyd
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

0efd112bb62f566877750ad62ee828bff579b4e2

Affected versions

1.*

1.0

1.0.1

1.1

1.1.1

1.1.2

1.2

1.2.1

1.2.2

v1.*

v1.2.3

v1.2.4

v1.3

v1.3.1

v1.3.2

v1.3.2-b

v1.3.2-b.2

v1.3.2-b.3

v1.3.2-b.4

v1.3.2-b.5

v1.3.2-b.6

v1.3.3

v1.4.0

v1.4.1

v1.4.2

v1.4.3

v1.4.4

v1.4.6

v1.4.7

v1.4.8

v1.4.9

v2.*

v2.0.0

v2.0.0-b1

v2.0.0-b2

v2.0.0-b3

v2.0.0-rc1

v2.0.0-rc2

v2.1.0

v2.1.1

v2.2.0

v2.3.0

v2.3.1

v2.3.2

v2.4.0

v2.5.0

v2.5.1

v2.5.2

v2.5.3

Database specific

vanir_signatures

[
    {
        "deprecated": false,
        "source": "https://github.com/babelouest/glewlwyd/commit/0efd112bb62f566877750ad62ee828bff579b4e2",
        "id": "CVE-2021-40818-b9a9e2eb",
        "digest": {
            "line_hashes": [
                "168899953365864851267981944936224712259",
                "306939930381762482973842239077045014917",
                "56575773891186167261748599342867103158",
                "141761113036750274431146595629731944791",
                "261807869261021487752498520231737758498",
                "288103742552405928151620312333405988171",
                "34442594092473031831558547911119189434",
                "254435195848689549774795497938078147305",
                "287646012871357051546361415809115228097",
                "100236071656211006069040019061793134698",
                "73805413493150671406720583934818328105"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "src/scheme/webauthn.c"
        },
        "signature_type": "Line",
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "source": "https://github.com/babelouest/glewlwyd/commit/0efd112bb62f566877750ad62ee828bff579b4e2",
        "id": "CVE-2021-40818-c8d95147",
        "digest": {
            "function_hash": "269540315022749937522289855017545701464",
            "length": 5021.0
        },
        "target": {
            "function": "check_attestation_fido_u2f",
            "file": "src/scheme/webauthn.c"
        },
        "signature_type": "Function",
        "signature_version": "v1"
    }
]