{"id":"CVE-2018-9275","details":"In check_user_token in util.c in the Yubico PAM module (aka pam_yubico) 2.18 through 2.25, successful logins can leak file descriptors to the auth mapping file, which can lead to information disclosure (serial number of a device) and/or DoS (reaching the maximum number of file descriptors).","modified":"2026-04-11T14:11:15.735810Z","published":"2018-04-04T18:29:02.497Z","related":["openSUSE-SU-2024:11146-1"],"references":[{"type":"REPORT","url":"https://bugzilla.opensuse.org/show_bug.cgi?id=1088027"},{"type":"REPORT","url":"https://github.com/Yubico/yubico-pam/issues/136"},{"type":"FIX","url":"https://github.com/Yubico/yubico-pam/commit/0f6ceabab0a8849b47f67d727aa526c2656089ba"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/Yubico/yubico-pam","events":[{"introduced":"f5363a207b14d46b86022e598399a31201164594"},{"last_affected":"432d7c60a1f64bfd1ad05683392cec36c6bc8455"}],"database_specific":{"versions":[{"introduced":"2.18"},{"last_affected":"2.25"}]}},{"type":"GIT","repo":"https://github.com/yubico/yubico-pam","events":[{"introduced":"0"},{"fixed":"0f6ceabab0a8849b47f67d727aa526c2656089ba"}]}],"versions":["2.10","2.11","2.12","2.13","2.14","2.15","2.16","2.17","2.18","2.19","2.20","2.21","2.22","2.23","2.24","2.25","2.5","2.6","2.6pre2","2.6pre3","2.7","2.8","2.9","v2.6"],"database_specific":{"vanir_signatures":[{"target":{"file":"util.c"},"id":"CVE-2018-9275-73e96989","deprecated":false,"digest":{"line_hashes":["226607563752128757887514930765907415801","279701570390930019583909742435872770862","308494850977619412175153327874514612777","203417458892300943278019038761638732730"],"threshold":0.9},"signature_type":"Line","source":"https://github.com/yubico/yubico-pam/commit/0f6ceabab0a8849b47f67d727aa526c2656089ba","signature_version":"v1"},{"target":{"function":"check_user_token","file":"util.c"},"id":"CVE-2018-9275-fa157aba","deprecated":false,"digest":{"length":1698,"function_hash":"119299559369141334615512022658670539382"},"signature_type":"Function","source":"https://github.com/yubico/yubico-pam/commit/0f6ceabab0a8849b47f67d727aa526c2656089ba","signature_version":"v1"}],"vanir_signatures_modified":"2026-04-11T14:11:15Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-9275.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}]}