Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2018-14780

Опубликовано: 15 авг. 2018
Источник: ubuntu
Приоритет: high
EPSS Низкий
CVSS2: 2.1
CVSS3: 4.6

Описание

An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function _ykpiv_fetch_object(): {% highlight c %} if(sw == SW_SUCCESS) { size_t outlen; int offs = _ykpiv_get_length(data + 1, &outlen); if(offs == 0) { return YKPIV_SIZE_ERROR; } memmove(data, data + 1 + offs, outlen); *len = outlen; return YKPIV_OK; } else { return YKPIV_GENERIC_ERROR; } {% endhighlight %} -- in the end, a memmove() occurs with a length retrieved from APDU data. This length is not checked for whether it is outside of the APDU data retrieved. Therefore the memmove() could copy bytes behind the allocated data buffer into this buffer.

РелизСтатусПримечание
bionic

released

1.4.2-2ubuntu0.1
cosmic

ignored

end of life
devel

not-affected

1.7.0-1
disco

ignored

end of life
eoan

not-affected

1.7.0-1
esm-apps/bionic

released

1.4.2-2ubuntu0.1
esm-apps/focal

not-affected

1.7.0-1
esm-apps/jammy

not-affected

1.7.0-1
esm-apps/xenial

released

1.0.3-1ubuntu0.1~esm1
esm-infra-legacy/trusty

DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 36%
0.00147
Низкий

2.1 Low

CVSS2

4.6 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2018-14780

CVSS3: 4.6
nvd
около 7 лет назад

An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `_ykpiv_fetch_object()`: {% highlight c %} if(sw == SW_SUCCESS) { size_t outlen; int offs = _ykpiv_get_length(data + 1, &outlen); if(offs == 0) { return YKPIV_SIZE_ERROR; } memmove(data, data + 1 + offs, outlen); *len = outlen; return YKPIV_OK; } else { return YKPIV_GENERIC_ERROR; } {% endhighlight %} -- in the end, a `memmove()` occurs with a length retrieved from APDU data. This length is not checked for whether it is outside of the APDU data retrieved. Therefore the `memmove()` could copy bytes behind the allocated data buffer into this buffer.

debian логотип

CVE-2018-14780

CVSS3: 4.6
debian
около 7 лет назад

An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 sma ...

github логотип

GHSA-xwgg-25ph-4c8p

CVSS3: 4.6
github
больше 3 лет назад

An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `_ykpiv_fetch_object()`: {% highlight c %} if(sw == SW_SUCCESS) { size_t outlen; int offs = _ykpiv_get_length(data + 1, &outlen); if(offs == 0) { return YKPIV_SIZE_ERROR; } memmove(data, data + 1 + offs, outlen); *len = outlen; return YKPIV_OK; } else { return YKPIV_GENERIC_ERROR; } {% endhighlight %} -- in the end, a `memmove()` occurs with a length retrieved from APDU data. This length is not checked for whether it is outside of the APDU data retrieved. Therefore the `memmove()` could copy bytes behind the allocated data buffer into this buffer.

suse-cvrf логотип

openSUSE-SU-2019:1341-1

suse-cvrf
больше 6 лет назад

Security update for yubico-piv-tool

suse-cvrf логотип

openSUSE-SU-2018:2623-1

suse-cvrf
почти 7 лет назад

Security update for yubico-piv-tool

EPSS

Процентиль: 36%
0.00147
Низкий

2.1 Low

CVSS2

4.6 Medium

CVSS3