CVE-2020-13131
Description
Yubico libykpiv before 2.1.0 fails to validate length fields from a PIV token, allowing an out-of-bounds read that leaks stack memory (PINs, keys) into the returned RSA public key.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Yubico libykpiv before 2.1.0 fails to validate length fields from a PIV token, allowing an out-of-bounds read that leaks stack memory (PINs, keys) into the returned RSA public key.
Vulnerability
An out-of-bounds read vulnerability exists in Yubico libykpiv before version 2.1.0, specifically in the lib/util.c file. During host-initiated RSA key generation, a malicious PIV (FIPS 201) smartcard can misreport the returned length fields. The library does not properly check these embedded length fields during device communication, causing stack memory to be copied into heap-allocated memory that is returned to the caller as part of the RSA public key [1]. Affected versions include all releases prior to 2.1.0.
Exploitation
An attacker needs a malicious PIV token that can craft responses with incorrect length fields. The host must initiate RSA key generation (which is triggered by the host and cannot be directly triggered by the token). During the key generation handshake, the token returns a malformed length field that causes the library to read beyond the intended stack buffer. The out-of-bounds read copies stack memory into the buffer that will be returned as the RSA public key [1]. No authentication or special user interaction beyond the normal key generation process is required; the attack is triggered during a legitimate operation.
Impact
Successful exploitation leaks stack memory from the host process into the RSA public key structure that is returned to the caller. This leaked memory can contain sensitive information such as PINs, passwords, key material, and other secrets depending on what was on the stack at the time. The caller—typically yubico-piv-tool or an application integrating libykpiv—may subsequently store, transmit, or log the corrupted public key, thereby propagating the sensitive data across trust boundaries [1]. This is an unusual information disclosure scenario where the leaked data is embedded in what appears to be a valid cryptographic object.
Mitigation
The fix is included in libykpiv version 2.1.0, released on 2020-07-09. Users should upgrade to libykpiv 2.1.0 or later. No workaround is available for older versions; applications must be updated with the patched library. The vulnerability is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog [2].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3- Yubico/libykpivdescription
Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"Missing validation of embedded length fields in device communication allows a malicious PIV token to cause an out-of-bounds read from the host stack."
Attack vector
A malicious PIV token (smartcard) can report crafted length fields during host-initiated RSA key generation. Because the library does not validate these embedded length fields, the host copies stack memory into a heap-allocated buffer that is returned to the caller as part of the RSA public key [ref_id=1]. The leaked stack memory may contain PINs, passwords, key material, or other sensitive data depending on the integration. Note that RSA key generation is triggered by the host and cannot be directly triggered by the token, so the attacker must control or supply a malicious PIV device.
Affected code
The vulnerability resides in `lib/util.c` of the libykpiv library (before version 2.1.0). This file handles device communication and does not properly validate embedded length fields returned by the PIV token during RSA key generation.
What the fix does
The advisory does not include a patch diff, but the fix is applied in libykpiv version 2.1.0. The remediation adds proper validation of the embedded length fields returned by the PIV token during device communication in `lib/util.c`, ensuring that the reported lengths do not exceed the actual buffer boundaries before copying data [ref_id=1].
Preconditions
- inputAttacker must control or supply a malicious PIV token (smartcard) that the host interacts with.
- inputThe host must initiate an RSA key generation operation against the malicious token.
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
2- blog.inhq.net/posts/yubico-libykpiv-vuln/mitrex_refsource_MISC
- www.yubico.com/products/services-software/download/smart-card-drivers-tools/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.