Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-14780

Опубликовано: 15 авг. 2018
Источник: nvd
CVSS3: 4.6
CVSS2: 2.1
EPSS Низкий

Описание

An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function _ykpiv_fetch_object(): {% highlight c %} if(sw == SW_SUCCESS) { size_t outlen; int offs = _ykpiv_get_length(data + 1, &outlen); if(offs == 0) { return YKPIV_SIZE_ERROR; } memmove(data, data + 1 + offs, outlen); *len = outlen; return YKPIV_OK; } else { return YKPIV_GENERIC_ERROR; } {% endhighlight %} -- in the end, a memmove() occurs with a length retrieved from APDU data. This length is not checked for whether it is outside of the APDU data retrieved. Therefore the memmove() could copy bytes behind the allocated data buffer into this buffer.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:yubico:piv_manager:*:*:*:*:*:*:*:*
Версия до 1.4.2 (исключая)
cpe:2.3:a:yubico:piv_manager:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:yubico:piv_manager:1.4.2b:*:*:*:*:*:*:*
cpe:2.3:a:yubico:piv_manager:1.4.2c:*:*:*:*:*:*:*
cpe:2.3:a:yubico:piv_manager:1.4.2d:*:*:*:*:*:*:*
cpe:2.3:a:yubico:piv_manager:1.4.2e:*:*:*:*:*:*:*
cpe:2.3:a:yubico:piv_manager:1.4.2f:*:*:*:*:*:*:*
cpe:2.3:a:yubico:piv_manager:1.4.2g:*:*:*:*:*:*:*
cpe:2.3:a:yubico:piv_tool:*:*:*:*:*:*:*:*
Версия до 1.6.0 (исключая)
cpe:2.3:a:yubico:smart_card_minidriver:*:*:*:*:*:*:*:*
Версия до 3.7.3.160 (включая)

EPSS

Процентиль: 36%
0.00147
Низкий

4.6 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-125

Связанные уязвимости

ubuntu логотип

CVE-2018-14780

CVSS3: 4.6
ubuntu
около 7 лет назад

An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `_ykpiv_fetch_object()`: {% highlight c %} if(sw == SW_SUCCESS) { size_t outlen; int offs = _ykpiv_get_length(data + 1, &outlen); if(offs == 0) { return YKPIV_SIZE_ERROR; } memmove(data, data + 1 + offs, outlen); *len = outlen; return YKPIV_OK; } else { return YKPIV_GENERIC_ERROR; } {% endhighlight %} -- in the end, a `memmove()` occurs with a length retrieved from APDU data. This length is not checked for whether it is outside of the APDU data retrieved. Therefore the `memmove()` could copy bytes behind the allocated data buffer into this buffer.

debian логотип

CVE-2018-14780

CVSS3: 4.6
debian
около 7 лет назад

An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 sma ...

github логотип

GHSA-xwgg-25ph-4c8p

CVSS3: 4.6
github
больше 3 лет назад

An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `_ykpiv_fetch_object()`: {% highlight c %} if(sw == SW_SUCCESS) { size_t outlen; int offs = _ykpiv_get_length(data + 1, &outlen); if(offs == 0) { return YKPIV_SIZE_ERROR; } memmove(data, data + 1 + offs, outlen); *len = outlen; return YKPIV_OK; } else { return YKPIV_GENERIC_ERROR; } {% endhighlight %} -- in the end, a `memmove()` occurs with a length retrieved from APDU data. This length is not checked for whether it is outside of the APDU data retrieved. Therefore the `memmove()` could copy bytes behind the allocated data buffer into this buffer.

suse-cvrf логотип

openSUSE-SU-2019:1341-1

suse-cvrf
больше 6 лет назад

Security update for yubico-piv-tool

suse-cvrf логотип

openSUSE-SU-2018:2623-1

suse-cvrf
почти 7 лет назад

Security update for yubico-piv-tool

EPSS

Процентиль: 36%
0.00147
Низкий

4.6 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-125