In devs.c in Yubico libu2f-host before 1.1.8, the response to init is misparsed, leaking uninitialized stack memory back to the device.
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-9578.json"