Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-14779

Опубликовано: 15 авг. 2018
Источник: nvd
CVSS3: 6.8
CVSS2: 7.2
EPSS Низкий

Описание

A buffer overflow issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function ykpiv_transfer_data(): {% highlight c %} if(*out_len + recv_len - 2 > max_out) { fprintf(stderr, "Output buffer to small, wanted to write %lu, max was %lu.", *out_len + recv_len - 2, max_out); } if(out_data) { memcpy(out_data, data, recv_len - 2); out_data += recv_len - 2; *out_len += recv_len - 2; } {% endhighlight %} -- it is clearly checked whether the buffer is big enough to hold the data copied using memcpy(), but no error handling happens to avoid the memcpy() in such cases. This code path can be triggered with malicious data coming from a smartcard.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:yubico:piv_manager:*:*:*:*:*:*:*:*
Версия до 1.4.2 (исключая)
cpe:2.3:a:yubico:piv_manager:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:yubico:piv_manager:1.4.2b:*:*:*:*:*:*:*
cpe:2.3:a:yubico:piv_manager:1.4.2c:*:*:*:*:*:*:*
cpe:2.3:a:yubico:piv_manager:1.4.2d:*:*:*:*:*:*:*
cpe:2.3:a:yubico:piv_manager:1.4.2e:*:*:*:*:*:*:*
cpe:2.3:a:yubico:piv_manager:1.4.2f:*:*:*:*:*:*:*
cpe:2.3:a:yubico:piv_manager:1.4.2g:*:*:*:*:*:*:*
cpe:2.3:a:yubico:piv_tool:*:*:*:*:*:*:*:*
Версия до 1.6.0 (исключая)
cpe:2.3:a:yubico:smart_card_minidriver:*:*:*:*:*:*:*:*
Версия до 3.7.3.160 (включая)

EPSS

Процентиль: 36%
0.00149
Низкий

6.8 Medium

CVSS3

7.2 High

CVSS2

Дефекты

CWE-119

Связанные уязвимости

ubuntu логотип

CVE-2018-14779

CVSS3: 6.8
ubuntu
больше 7 лет назад

A buffer overflow issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `ykpiv_transfer_data()`: {% highlight c %} if(*out_len + recv_len - 2 > max_out) { fprintf(stderr, "Output buffer to small, wanted to write %lu, max was %lu.", *out_len + recv_len - 2, max_out); } if(out_data) { memcpy(out_data, data, recv_len - 2); out_data += recv_len - 2; *out_len += recv_len - 2; } {% endhighlight %} -- it is clearly checked whether the buffer is big enough to hold the data copied using `memcpy()`, but no error handling happens to avoid the `memcpy()` in such cases. This code path can be triggered with malicious data coming from a smartcard.

debian логотип

CVE-2018-14779

CVSS3: 6.8
debian
больше 7 лет назад

A buffer overflow issue was discovered in the Yubico-Piv 1.5.0 smartca ...

github логотип

GHSA-rvwc-p7mj-cmgq

CVSS3: 6.8
github
больше 3 лет назад

A buffer overflow issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `ykpiv_transfer_data()`: {% highlight c %} if(*out_len + recv_len - 2 > max_out) { fprintf(stderr, "Output buffer to small, wanted to write %lu, max was %lu.", *out_len + recv_len - 2, max_out); } if(out_data) { memcpy(out_data, data, recv_len - 2); out_data += recv_len - 2; *out_len += recv_len - 2; } {% endhighlight %} -- it is clearly checked whether the buffer is big enough to hold the data copied using `memcpy()`, but no error handling happens to avoid the `memcpy()` in such cases. This code path can be triggered with malicious data coming from a smartcard.

suse-cvrf логотип

openSUSE-SU-2019:1341-1

suse-cvrf
больше 6 лет назад

Security update for yubico-piv-tool

suse-cvrf логотип

openSUSE-SU-2018:2623-1

suse-cvrf
больше 7 лет назад

Security update for yubico-piv-tool

EPSS

Процентиль: 36%
0.00149
Низкий

6.8 Medium

CVSS3

7.2 High

CVSS2

Дефекты

CWE-119