{"id":"CVE-2021-40818","details":"scheme/webauthn.c in Glewlwyd SSO server through 2.5.3 has a buffer overflow during FIDO2 signature validation in webauthn registration.","modified":"2026-04-11T21:23:26.638432Z","published":"2021-09-08T22:15:11.383Z","references":[{"type":"REPORT","url":"https://bugs.debian.org/993867"},{"type":"FIX","url":"https://github.com/babelouest/glewlwyd/commit/0efd112bb62f566877750ad62ee828bff579b4e2"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/babelouest/glewlwyd","events":[{"introduced":"0"},{"last_affected":"be4cfc79dc15bd4049e83b16ed42619188fcdc19"},{"fixed":"0efd112bb62f566877750ad62ee828bff579b4e2"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.5.3"}]}}],"versions":["1.0","1.0.1","1.1","1.1.1","1.1.2","1.2","1.2.1","1.2.2","v1.2.3","v1.2.4","v1.3","v1.3.1","v1.3.2","v1.3.3","v1.4.0","v1.4.1","v1.4.2","v1.4.3","v1.4.4","v1.4.6","v1.4.7","v1.4.8","v1.4.9","v2.0.0","v2.0.0-b1","v2.0.0-b2","v2.0.0-b3","v2.0.0-rc1","v2.0.0-rc2","v2.1.0","v2.1.1","v2.2.0","v2.3.0","v2.3.1","v2.3.2","v2.4.0","v2.5.0","v2.5.1","v2.5.2","v2.5.3"],"database_specific":{"vanir_signatures_modified":"2026-04-11T21:23:26Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-40818.json","vanir_signatures":[{"source":"https://github.com/babelouest/glewlwyd/commit/0efd112bb62f566877750ad62ee828bff579b4e2","signature_type":"Line","id":"CVE-2021-40818-b9a9e2eb","target":{"file":"src/scheme/webauthn.c"},"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["168899953365864851267981944936224712259","306939930381762482973842239077045014917","56575773891186167261748599342867103158","141761113036750274431146595629731944791","261807869261021487752498520231737758498","288103742552405928151620312333405988171","34442594092473031831558547911119189434","254435195848689549774795497938078147305","287646012871357051546361415809115228097","100236071656211006069040019061793134698","73805413493150671406720583934818328105"]},"deprecated":false},{"source":"https://github.com/babelouest/glewlwyd/commit/0efd112bb62f566877750ad62ee828bff579b4e2","signature_type":"Function","id":"CVE-2021-40818-c8d95147","target":{"function":"check_attestation_fido_u2f","file":"src/scheme/webauthn.c"},"signature_version":"v1","digest":{"function_hash":"269540315022749937522289855017545701464","length":5021},"deprecated":false}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}