CVE-2018-14780
Description
An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function _ykpiv_fetch_object(): {% highlight c %} if(sw == SW_SUCCESS) { size_t outlen; int offs = _ykpiv_get_length(data + 1, &outlen); if(offs == 0) { return YKPIV_SIZE_ERROR; } memmove(data, data + 1 + offs, outlen); *len = outlen; return YKPIV_OK; } else { return YKPIV_GENERIC_ERROR; } {% endhighlight %} -- in the end, a memmove() occurs with a length retrieved from APDU data. This length is not checked for whether it is outside of the APDU data retrieved. Therefore the memmove() could copy bytes behind the allocated data buffer into this buffer.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- Range: =1.5.0
- osv-coords3 versionspkg:rpm/opensuse/yubico-piv-tool&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/yubico-piv-tool&distro=openSUSE%20Tumbleweedpkg:rpm/suse/yubico-piv-tool&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015
< 1.5.0-lp150.2.3.1+ 2 more
- (no CPE)range: < 1.5.0-lp150.2.3.1
- (no CPE)range: < 2.2.0-1.5
- (no CPE)range: < 1.5.0-3.3.33
Patches
Vulnerability mechanics
References
4- www.openwall.com/lists/oss-security/2018/08/14/2nvdMailing ListThird Party Advisory
- www.x41-dsec.de/lab/advisories/x41-2018-001-Yubico-Piv/nvdThird Party Advisory
- www.yubico.com/support/security-advisories/ysa-2018-03/nvdVendor Advisory
- usn.ubuntu.com/4276-1/nvd
News mentions
0No linked articles in our index yet.