Search criteria
6 vulnerabilities found for piv_manager by yubico
FKIE_CVE-2018-14779
Vulnerability from fkie_nvd - Published: 2018-08-15 18:29 - Updated: 2024-11-21 03:49
Severity ?
Summary
A buffer overflow issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `ykpiv_transfer_data()`: {% highlight c %} if(*out_len + recv_len - 2 > max_out) { fprintf(stderr, "Output buffer to small, wanted to write %lu, max was %lu.", *out_len + recv_len - 2, max_out); } if(out_data) { memcpy(out_data, data, recv_len - 2); out_data += recv_len - 2; *out_len += recv_len - 2; } {% endhighlight %} -- it is clearly checked whether the buffer is big enough to hold the data copied using `memcpy()`, but no error handling happens to avoid the `memcpy()` in such cases. This code path can be triggered with malicious data coming from a smartcard.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| yubico | piv_manager | * | |
| yubico | piv_manager | 1.4.2 | |
| yubico | piv_manager | 1.4.2b | |
| yubico | piv_manager | 1.4.2c | |
| yubico | piv_manager | 1.4.2d | |
| yubico | piv_manager | 1.4.2e | |
| yubico | piv_manager | 1.4.2f | |
| yubico | piv_manager | 1.4.2g | |
| yubico | piv_tool | * | |
| yubico | smart_card_minidriver | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yubico:piv_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1E9E1480-3B52-4116-A0AC-6D40EF27C705",
"versionEndExcluding": "1.4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yubico:piv_manager:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "78648DEA-0B05-450B-9B69-5A90E0F03B12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yubico:piv_manager:1.4.2b:*:*:*:*:*:*:*",
"matchCriteriaId": "F27386DA-D798-442B-AB7A-9F3A8D5298E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yubico:piv_manager:1.4.2c:*:*:*:*:*:*:*",
"matchCriteriaId": "BA320FD3-AE57-4CC3-A00B-915CAE53A9CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yubico:piv_manager:1.4.2d:*:*:*:*:*:*:*",
"matchCriteriaId": "1DCA5A56-4979-4981-ABDC-F6243FEDAA48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yubico:piv_manager:1.4.2e:*:*:*:*:*:*:*",
"matchCriteriaId": "A6ABF3B7-521E-42C4-85A9-A867BE87F8E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yubico:piv_manager:1.4.2f:*:*:*:*:*:*:*",
"matchCriteriaId": "6A9DE0A5-2B2D-4669-89F2-306C97445ADB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yubico:piv_manager:1.4.2g:*:*:*:*:*:*:*",
"matchCriteriaId": "8A6DCD14-7271-40E3-A9C5-B20EFF6B7495",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yubico:piv_tool:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3DA5613-3B1C-434A-950B-101FE9BEE7A9",
"versionEndExcluding": "1.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yubico:smart_card_minidriver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60A34CF9-F5B7-4874-961D-22915C55D60F",
"versionEndIncluding": "3.7.3.160",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `ykpiv_transfer_data()`: {% highlight c %} if(*out_len + recv_len - 2 \u003e max_out) { fprintf(stderr, \"Output buffer to small, wanted to write %lu, max was %lu.\", *out_len + recv_len - 2, max_out); } if(out_data) { memcpy(out_data, data, recv_len - 2); out_data += recv_len - 2; *out_len += recv_len - 2; } {% endhighlight %} -- it is clearly checked whether the buffer is big enough to hold the data copied using `memcpy()`, but no error handling happens to avoid the `memcpy()` in such cases. This code path can be triggered with malicious data coming from a smartcard."
},
{
"lang": "es",
"value": "Se ha descubierto una vulnerabilidad de desbordamiento de b\u00fafer en el controlador de tarjetas inteligentes de Yubico-Piv 1.5.0. El archivo lib/ykpiv.c contiene el siguiente c\u00f3digo en la funci\u00f3n \"ykpiv_transfer_data()\": {% highlight c %} if(*out_len + recv_len - 2 \u003e max_out) { fprintf(stderr, \"Output buffer to small, wanted to write %lu, max was %lu.\", *out_len + recv_len - 2, max_out); } if(out_data) { memcpy(out_data, data, recv_len - 2); out_data += recv_len - 2; *out_len += recv_len - 2; } {% endhighlight %} -- Se comprueba claramente si el b\u00fafer es lo suficientemente grande para contener los datos copiados usando \"memcpy()\", pero no se manejan los errores para evitar el \"memcpy()\" en estos casos. Esta ruta de c\u00f3digo se puede desencadenar con datos maliciosos provenientes de una tarjeta inteligente."
}
],
"id": "CVE-2018-14779",
"lastModified": "2024-11-21T03:49:46.380",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-15T18:29:00.747",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2018/08/14/2"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/4276-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.x41-dsec.de/lab/advisories/x41-2018-001-Yubico-Piv/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.yubico.com/support/security-advisories/ysa-2018-03/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2018/08/14/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4276-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.x41-dsec.de/lab/advisories/x41-2018-001-Yubico-Piv/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.yubico.com/support/security-advisories/ysa-2018-03/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-14780
Vulnerability from fkie_nvd - Published: 2018-08-15 18:29 - Updated: 2024-11-21 03:49
Severity ?
Summary
An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `_ykpiv_fetch_object()`: {% highlight c %} if(sw == SW_SUCCESS) { size_t outlen; int offs = _ykpiv_get_length(data + 1, &outlen); if(offs == 0) { return YKPIV_SIZE_ERROR; } memmove(data, data + 1 + offs, outlen); *len = outlen; return YKPIV_OK; } else { return YKPIV_GENERIC_ERROR; } {% endhighlight %} -- in the end, a `memmove()` occurs with a length retrieved from APDU data. This length is not checked for whether it is outside of the APDU data retrieved. Therefore the `memmove()` could copy bytes behind the allocated data buffer into this buffer.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| yubico | piv_manager | * | |
| yubico | piv_manager | 1.4.2 | |
| yubico | piv_manager | 1.4.2b | |
| yubico | piv_manager | 1.4.2c | |
| yubico | piv_manager | 1.4.2d | |
| yubico | piv_manager | 1.4.2e | |
| yubico | piv_manager | 1.4.2f | |
| yubico | piv_manager | 1.4.2g | |
| yubico | piv_tool | * | |
| yubico | smart_card_minidriver | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yubico:piv_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1E9E1480-3B52-4116-A0AC-6D40EF27C705",
"versionEndExcluding": "1.4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yubico:piv_manager:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "78648DEA-0B05-450B-9B69-5A90E0F03B12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yubico:piv_manager:1.4.2b:*:*:*:*:*:*:*",
"matchCriteriaId": "F27386DA-D798-442B-AB7A-9F3A8D5298E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yubico:piv_manager:1.4.2c:*:*:*:*:*:*:*",
"matchCriteriaId": "BA320FD3-AE57-4CC3-A00B-915CAE53A9CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yubico:piv_manager:1.4.2d:*:*:*:*:*:*:*",
"matchCriteriaId": "1DCA5A56-4979-4981-ABDC-F6243FEDAA48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yubico:piv_manager:1.4.2e:*:*:*:*:*:*:*",
"matchCriteriaId": "A6ABF3B7-521E-42C4-85A9-A867BE87F8E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yubico:piv_manager:1.4.2f:*:*:*:*:*:*:*",
"matchCriteriaId": "6A9DE0A5-2B2D-4669-89F2-306C97445ADB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yubico:piv_manager:1.4.2g:*:*:*:*:*:*:*",
"matchCriteriaId": "8A6DCD14-7271-40E3-A9C5-B20EFF6B7495",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yubico:piv_tool:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3DA5613-3B1C-434A-950B-101FE9BEE7A9",
"versionEndExcluding": "1.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yubico:smart_card_minidriver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60A34CF9-F5B7-4874-961D-22915C55D60F",
"versionEndIncluding": "3.7.3.160",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `_ykpiv_fetch_object()`: {% highlight c %} if(sw == SW_SUCCESS) { size_t outlen; int offs = _ykpiv_get_length(data + 1, \u0026outlen); if(offs == 0) { return YKPIV_SIZE_ERROR; } memmove(data, data + 1 + offs, outlen); *len = outlen; return YKPIV_OK; } else { return YKPIV_GENERIC_ERROR; } {% endhighlight %} -- in the end, a `memmove()` occurs with a length retrieved from APDU data. This length is not checked for whether it is outside of the APDU data retrieved. Therefore the `memmove()` could copy bytes behind the allocated data buffer into this buffer."
},
{
"lang": "es",
"value": "Se ha descubierto una vulnerabilidad de lectura fuera de l\u00edmites en el controlador de tarjetas inteligentes de Yubico-Piv 1.5.0. El archivo lib/ykpiv.c contiene el siguiente c\u00f3digo en la funci\u00f3n \"_ykpiv_fetch_object()\": {% highlight c %} if(sw == SW_SUCCESS) { size_t outlen; int offs = _ykpiv_get_length(data + 1, outlen); if(offs == 0) { return YKPIV_SIZE_ERROR; } memmove(data, data + 1 + offs, outlen); *len = outlen; return YKPIV_OK; } else { return YKPIV_GENERIC_ERROR; } {% endhighlight %} -- Al final, ocurre un \"memmove()\" con una longitud recuperada de los datos APDU. No se comprueba si la longitud es de fuera de los datos APDU recuperados. Por lo tanto, \"memmove()\" podr\u00eda copiar bytes de detr\u00e1s del b\u00fafer de datos asignado en este b\u00fafer."
}
],
"id": "CVE-2018-14780",
"lastModified": "2024-11-21T03:49:46.553",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-15T18:29:00.887",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2018/08/14/2"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/4276-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.x41-dsec.de/lab/advisories/x41-2018-001-Yubico-Piv/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.yubico.com/support/security-advisories/ysa-2018-03/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2018/08/14/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4276-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.x41-dsec.de/lab/advisories/x41-2018-001-Yubico-Piv/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.yubico.com/support/security-advisories/ysa-2018-03/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2018-14780 (GCVE-0-2018-14780)
Vulnerability from cvelistv5 – Published: 2018-08-15 18:00 – Updated: 2024-08-05 09:38
VLAI?
Summary
An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `_ykpiv_fetch_object()`: {% highlight c %} if(sw == SW_SUCCESS) { size_t outlen; int offs = _ykpiv_get_length(data + 1, &outlen); if(offs == 0) { return YKPIV_SIZE_ERROR; } memmove(data, data + 1 + offs, outlen); *len = outlen; return YKPIV_OK; } else { return YKPIV_GENERIC_ERROR; } {% endhighlight %} -- in the end, a `memmove()` occurs with a length retrieved from APDU data. This length is not checked for whether it is outside of the APDU data retrieved. Therefore the `memmove()` could copy bytes behind the allocated data buffer into this buffer.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:13.975Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.yubico.com/support/security-advisories/ysa-2018-03/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.x41-dsec.de/lab/advisories/x41-2018-001-Yubico-Piv/"
},
{
"name": "[oss-security] 20180814 X41 D-Sec GmbH Security Advisory X41-2018-001: Multiple Vulnerabilities in Yubico Piv",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2018/08/14/2"
},
{
"name": "USN-4276-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4276-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `_ykpiv_fetch_object()`: {% highlight c %} if(sw == SW_SUCCESS) { size_t outlen; int offs = _ykpiv_get_length(data + 1, \u0026outlen); if(offs == 0) { return YKPIV_SIZE_ERROR; } memmove(data, data + 1 + offs, outlen); *len = outlen; return YKPIV_OK; } else { return YKPIV_GENERIC_ERROR; } {% endhighlight %} -- in the end, a `memmove()` occurs with a length retrieved from APDU data. This length is not checked for whether it is outside of the APDU data retrieved. Therefore the `memmove()` could copy bytes behind the allocated data buffer into this buffer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-25T03:06:21",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.yubico.com/support/security-advisories/ysa-2018-03/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.x41-dsec.de/lab/advisories/x41-2018-001-Yubico-Piv/"
},
{
"name": "[oss-security] 20180814 X41 D-Sec GmbH Security Advisory X41-2018-001: Multiple Vulnerabilities in Yubico Piv",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2018/08/14/2"
},
{
"name": "USN-4276-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4276-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14780",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `_ykpiv_fetch_object()`: {% highlight c %} if(sw == SW_SUCCESS) { size_t outlen; int offs = _ykpiv_get_length(data + 1, \u0026outlen); if(offs == 0) { return YKPIV_SIZE_ERROR; } memmove(data, data + 1 + offs, outlen); *len = outlen; return YKPIV_OK; } else { return YKPIV_GENERIC_ERROR; } {% endhighlight %} -- in the end, a `memmove()` occurs with a length retrieved from APDU data. This length is not checked for whether it is outside of the APDU data retrieved. Therefore the `memmove()` could copy bytes behind the allocated data buffer into this buffer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.yubico.com/support/security-advisories/ysa-2018-03/",
"refsource": "CONFIRM",
"url": "https://www.yubico.com/support/security-advisories/ysa-2018-03/"
},
{
"name": "https://www.x41-dsec.de/lab/advisories/x41-2018-001-Yubico-Piv/",
"refsource": "MISC",
"url": "https://www.x41-dsec.de/lab/advisories/x41-2018-001-Yubico-Piv/"
},
{
"name": "[oss-security] 20180814 X41 D-Sec GmbH Security Advisory X41-2018-001: Multiple Vulnerabilities in Yubico Piv",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2018/08/14/2"
},
{
"name": "USN-4276-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4276-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-14780",
"datePublished": "2018-08-15T18:00:00",
"dateReserved": "2018-08-01T00:00:00",
"dateUpdated": "2024-08-05T09:38:13.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14779 (GCVE-0-2018-14779)
Vulnerability from cvelistv5 – Published: 2018-08-15 18:00 – Updated: 2024-08-05 09:38
VLAI?
Summary
A buffer overflow issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `ykpiv_transfer_data()`: {% highlight c %} if(*out_len + recv_len - 2 > max_out) { fprintf(stderr, "Output buffer to small, wanted to write %lu, max was %lu.", *out_len + recv_len - 2, max_out); } if(out_data) { memcpy(out_data, data, recv_len - 2); out_data += recv_len - 2; *out_len += recv_len - 2; } {% endhighlight %} -- it is clearly checked whether the buffer is big enough to hold the data copied using `memcpy()`, but no error handling happens to avoid the `memcpy()` in such cases. This code path can be triggered with malicious data coming from a smartcard.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:13.960Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.yubico.com/support/security-advisories/ysa-2018-03/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.x41-dsec.de/lab/advisories/x41-2018-001-Yubico-Piv/"
},
{
"name": "[oss-security] 20180814 X41 D-Sec GmbH Security Advisory X41-2018-001: Multiple Vulnerabilities in Yubico Piv",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2018/08/14/2"
},
{
"name": "USN-4276-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4276-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `ykpiv_transfer_data()`: {% highlight c %} if(*out_len + recv_len - 2 \u003e max_out) { fprintf(stderr, \"Output buffer to small, wanted to write %lu, max was %lu.\", *out_len + recv_len - 2, max_out); } if(out_data) { memcpy(out_data, data, recv_len - 2); out_data += recv_len - 2; *out_len += recv_len - 2; } {% endhighlight %} -- it is clearly checked whether the buffer is big enough to hold the data copied using `memcpy()`, but no error handling happens to avoid the `memcpy()` in such cases. This code path can be triggered with malicious data coming from a smartcard."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-25T03:06:20",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.yubico.com/support/security-advisories/ysa-2018-03/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.x41-dsec.de/lab/advisories/x41-2018-001-Yubico-Piv/"
},
{
"name": "[oss-security] 20180814 X41 D-Sec GmbH Security Advisory X41-2018-001: Multiple Vulnerabilities in Yubico Piv",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2018/08/14/2"
},
{
"name": "USN-4276-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4276-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14779",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A buffer overflow issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `ykpiv_transfer_data()`: {% highlight c %} if(*out_len + recv_len - 2 \u003e max_out) { fprintf(stderr, \"Output buffer to small, wanted to write %lu, max was %lu.\", *out_len + recv_len - 2, max_out); } if(out_data) { memcpy(out_data, data, recv_len - 2); out_data += recv_len - 2; *out_len += recv_len - 2; } {% endhighlight %} -- it is clearly checked whether the buffer is big enough to hold the data copied using `memcpy()`, but no error handling happens to avoid the `memcpy()` in such cases. This code path can be triggered with malicious data coming from a smartcard."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.yubico.com/support/security-advisories/ysa-2018-03/",
"refsource": "CONFIRM",
"url": "https://www.yubico.com/support/security-advisories/ysa-2018-03/"
},
{
"name": "https://www.x41-dsec.de/lab/advisories/x41-2018-001-Yubico-Piv/",
"refsource": "MISC",
"url": "https://www.x41-dsec.de/lab/advisories/x41-2018-001-Yubico-Piv/"
},
{
"name": "[oss-security] 20180814 X41 D-Sec GmbH Security Advisory X41-2018-001: Multiple Vulnerabilities in Yubico Piv",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2018/08/14/2"
},
{
"name": "USN-4276-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4276-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-14779",
"datePublished": "2018-08-15T18:00:00",
"dateReserved": "2018-08-01T00:00:00",
"dateUpdated": "2024-08-05T09:38:13.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14780 (GCVE-0-2018-14780)
Vulnerability from nvd – Published: 2018-08-15 18:00 – Updated: 2024-08-05 09:38
VLAI?
Summary
An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `_ykpiv_fetch_object()`: {% highlight c %} if(sw == SW_SUCCESS) { size_t outlen; int offs = _ykpiv_get_length(data + 1, &outlen); if(offs == 0) { return YKPIV_SIZE_ERROR; } memmove(data, data + 1 + offs, outlen); *len = outlen; return YKPIV_OK; } else { return YKPIV_GENERIC_ERROR; } {% endhighlight %} -- in the end, a `memmove()` occurs with a length retrieved from APDU data. This length is not checked for whether it is outside of the APDU data retrieved. Therefore the `memmove()` could copy bytes behind the allocated data buffer into this buffer.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:13.975Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.yubico.com/support/security-advisories/ysa-2018-03/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.x41-dsec.de/lab/advisories/x41-2018-001-Yubico-Piv/"
},
{
"name": "[oss-security] 20180814 X41 D-Sec GmbH Security Advisory X41-2018-001: Multiple Vulnerabilities in Yubico Piv",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2018/08/14/2"
},
{
"name": "USN-4276-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4276-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `_ykpiv_fetch_object()`: {% highlight c %} if(sw == SW_SUCCESS) { size_t outlen; int offs = _ykpiv_get_length(data + 1, \u0026outlen); if(offs == 0) { return YKPIV_SIZE_ERROR; } memmove(data, data + 1 + offs, outlen); *len = outlen; return YKPIV_OK; } else { return YKPIV_GENERIC_ERROR; } {% endhighlight %} -- in the end, a `memmove()` occurs with a length retrieved from APDU data. This length is not checked for whether it is outside of the APDU data retrieved. Therefore the `memmove()` could copy bytes behind the allocated data buffer into this buffer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-25T03:06:21",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.yubico.com/support/security-advisories/ysa-2018-03/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.x41-dsec.de/lab/advisories/x41-2018-001-Yubico-Piv/"
},
{
"name": "[oss-security] 20180814 X41 D-Sec GmbH Security Advisory X41-2018-001: Multiple Vulnerabilities in Yubico Piv",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2018/08/14/2"
},
{
"name": "USN-4276-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4276-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14780",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `_ykpiv_fetch_object()`: {% highlight c %} if(sw == SW_SUCCESS) { size_t outlen; int offs = _ykpiv_get_length(data + 1, \u0026outlen); if(offs == 0) { return YKPIV_SIZE_ERROR; } memmove(data, data + 1 + offs, outlen); *len = outlen; return YKPIV_OK; } else { return YKPIV_GENERIC_ERROR; } {% endhighlight %} -- in the end, a `memmove()` occurs with a length retrieved from APDU data. This length is not checked for whether it is outside of the APDU data retrieved. Therefore the `memmove()` could copy bytes behind the allocated data buffer into this buffer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.yubico.com/support/security-advisories/ysa-2018-03/",
"refsource": "CONFIRM",
"url": "https://www.yubico.com/support/security-advisories/ysa-2018-03/"
},
{
"name": "https://www.x41-dsec.de/lab/advisories/x41-2018-001-Yubico-Piv/",
"refsource": "MISC",
"url": "https://www.x41-dsec.de/lab/advisories/x41-2018-001-Yubico-Piv/"
},
{
"name": "[oss-security] 20180814 X41 D-Sec GmbH Security Advisory X41-2018-001: Multiple Vulnerabilities in Yubico Piv",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2018/08/14/2"
},
{
"name": "USN-4276-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4276-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-14780",
"datePublished": "2018-08-15T18:00:00",
"dateReserved": "2018-08-01T00:00:00",
"dateUpdated": "2024-08-05T09:38:13.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14779 (GCVE-0-2018-14779)
Vulnerability from nvd – Published: 2018-08-15 18:00 – Updated: 2024-08-05 09:38
VLAI?
Summary
A buffer overflow issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `ykpiv_transfer_data()`: {% highlight c %} if(*out_len + recv_len - 2 > max_out) { fprintf(stderr, "Output buffer to small, wanted to write %lu, max was %lu.", *out_len + recv_len - 2, max_out); } if(out_data) { memcpy(out_data, data, recv_len - 2); out_data += recv_len - 2; *out_len += recv_len - 2; } {% endhighlight %} -- it is clearly checked whether the buffer is big enough to hold the data copied using `memcpy()`, but no error handling happens to avoid the `memcpy()` in such cases. This code path can be triggered with malicious data coming from a smartcard.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:13.960Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.yubico.com/support/security-advisories/ysa-2018-03/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.x41-dsec.de/lab/advisories/x41-2018-001-Yubico-Piv/"
},
{
"name": "[oss-security] 20180814 X41 D-Sec GmbH Security Advisory X41-2018-001: Multiple Vulnerabilities in Yubico Piv",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2018/08/14/2"
},
{
"name": "USN-4276-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4276-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `ykpiv_transfer_data()`: {% highlight c %} if(*out_len + recv_len - 2 \u003e max_out) { fprintf(stderr, \"Output buffer to small, wanted to write %lu, max was %lu.\", *out_len + recv_len - 2, max_out); } if(out_data) { memcpy(out_data, data, recv_len - 2); out_data += recv_len - 2; *out_len += recv_len - 2; } {% endhighlight %} -- it is clearly checked whether the buffer is big enough to hold the data copied using `memcpy()`, but no error handling happens to avoid the `memcpy()` in such cases. This code path can be triggered with malicious data coming from a smartcard."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-25T03:06:20",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.yubico.com/support/security-advisories/ysa-2018-03/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.x41-dsec.de/lab/advisories/x41-2018-001-Yubico-Piv/"
},
{
"name": "[oss-security] 20180814 X41 D-Sec GmbH Security Advisory X41-2018-001: Multiple Vulnerabilities in Yubico Piv",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2018/08/14/2"
},
{
"name": "USN-4276-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4276-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14779",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A buffer overflow issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `ykpiv_transfer_data()`: {% highlight c %} if(*out_len + recv_len - 2 \u003e max_out) { fprintf(stderr, \"Output buffer to small, wanted to write %lu, max was %lu.\", *out_len + recv_len - 2, max_out); } if(out_data) { memcpy(out_data, data, recv_len - 2); out_data += recv_len - 2; *out_len += recv_len - 2; } {% endhighlight %} -- it is clearly checked whether the buffer is big enough to hold the data copied using `memcpy()`, but no error handling happens to avoid the `memcpy()` in such cases. This code path can be triggered with malicious data coming from a smartcard."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.yubico.com/support/security-advisories/ysa-2018-03/",
"refsource": "CONFIRM",
"url": "https://www.yubico.com/support/security-advisories/ysa-2018-03/"
},
{
"name": "https://www.x41-dsec.de/lab/advisories/x41-2018-001-Yubico-Piv/",
"refsource": "MISC",
"url": "https://www.x41-dsec.de/lab/advisories/x41-2018-001-Yubico-Piv/"
},
{
"name": "[oss-security] 20180814 X41 D-Sec GmbH Security Advisory X41-2018-001: Multiple Vulnerabilities in Yubico Piv",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2018/08/14/2"
},
{
"name": "USN-4276-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4276-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-14779",
"datePublished": "2018-08-15T18:00:00",
"dateReserved": "2018-08-01T00:00:00",
"dateUpdated": "2024-08-05T09:38:13.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}