CVE-2020-13132
Description
Incorrect free() in Yubico libykpiv before 2.1.0 allows a malicious PIV smartcard to cause a denial of service via crafted responses during RSA key generation.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The vulnerability resides in the ykpiv_util_generate_key() function in lib/util.c of Yubico libykpiv versions 2.0.0 and earlier [2]. Due to incorrect error handling code, an attacker can trigger an incorrect free() call, leading to memory corruption and a denial of service [1]. The affected library is included in Yubico PIV Tool (≤2.0.0) and YubiKey Smart Card Minidriver (≤4.1.0.172) [2].
Exploitation
An attacker must control a malicious PIV smartcard that is inserted into the host system while the host initiates RSA key generation [1]. The host's ykpiv_util_generate_key() function communicates with the token; by sending crafted responses that cause an error condition, the attacker can force the library to execute an incorrect free() on a pointer that was not properly allocated [1][2]. No authentication or special privileges are required beyond physical or logical access to the smartcard reader.
Impact
Successful exploitation results in a denial of service, typically a crash of the host application using libykpiv [1][2]. The incorrect free() can corrupt heap memory, leading to unpredictable behavior or termination. There is no indication of code execution or information disclosure from this specific CVE.
Mitigation
The issue is fixed in libykpiv version 2.1.0, released on 2020-07-08 [2]. Users should upgrade Yubico PIV Tool to 2.1.0 and YubiKey Smart Card Minidriver to 4.1.1.210 [2]. No workarounds are documented; upgrading is the only mitigation.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Yubico/libykpiv
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"Incorrect error handling code in ykpiv_util_generate_key() leads to an incorrect free() call."
Attack vector
An attacker who controls a malicious PIV (FIPS 201) smartcard can trigger the bug during host-initiated private RSA key generation [ref_id=1]. When the library interacts with the card, incorrect error handling code in `ykpiv_util_generate_key()` causes an incorrect `free()` to be executed [ref_id=1]. This results in a denial of service against the host application using libykpiv [ref_id=1].
Affected code
The vulnerability is in the `ykpiv_util_generate_key()` function in `lib/util.c`. Incorrect error handling in this function can lead to an incorrect `free()` call, causing a denial of service [ref_id=1].
What the fix does
The advisory does not include a patch diff. The vendor resolved the issue in libykpiv version 2.1.0, which corrected the error handling code in `ykpiv_util_generate_key()` to avoid the incorrect `free()` [ref_id=1]. No further details about the specific code change are provided in the reference write-up.
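The error-path pattern behind this bug class, as an added C example that is not libykpiv's own code (the advisory publishes no diff): a constructed parser for a card's key-generation reply, with the vulnerable pointer-lifetime shape in a comment beside the hardened form. The TLV tags 0x81/0x82, the one-byte lengths and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of the CVE-2020-13132 bug class (free() of a pointer that was
 * never allocated, reached via an error path); this is NOT libykpiv's own code.
 * The card's key-generation reply is modelled as two TLV fields with one-byte
 * lengths: modulus (tag 0x81) followed by public exponent (tag 0x82). */
enum { KG_OK = 0, KG_ERR_RESPONSE = -1 };

typedef struct { uint8_t *mod; size_t mod_len; uint8_t *exp; size_t exp_len; } rsa_pub_t;

/* Locate one TLV field; returns bytes consumed, or 0 if absent or malformed. */
static size_t find_tlv(const uint8_t *p, size_t n, uint8_t tag,
                       const uint8_t **val, size_t *vlen) {
    if (n < 2 || p[0] != tag || p[1] == 0 || (size_t)p[1] + 2 > n) return 0;
    *val = p + 2;
    *vlen = p[1];
    return 2 + *vlen;
}

/* Vulnerable shape, shown only for contrast:  uint8_t *mod, *exp;  (indeterminate)
 * ... modulus parsed and mod allocated, then the exponent field fails to parse ...
 * fail: free(mod); free(exp);   <- exp was never assigned, so this free() is invalid.
 * A crafted reply with a valid modulus but a bad exponent field reaches exactly that path. */

/* Hardened parser: pointers start NULL, results are published only on success, and
 * the error path releases only what was actually allocated (free(NULL) is a no-op). */
int parse_keygen_response(const uint8_t *rsp, size_t len, rsa_pub_t *out) {
    uint8_t *mod = NULL, *exp = NULL;
    const uint8_t *v; size_t vl, used, ml, el;
    memset(out, 0, sizeof *out);
    if ((used = find_tlv(rsp, len, 0x81, &v, &vl)) == 0) goto fail;
    if ((mod = malloc(vl)) == NULL) goto fail;
    memcpy(mod, v, vl); ml = vl;
    rsp += used; len -= used;
    if (find_tlv(rsp, len, 0x82, &v, &vl) == 0) goto fail;
    if ((exp = malloc(vl)) == NULL) goto fail;
    memcpy(exp, v, vl); el = vl;
    out->mod = mod; out->mod_len = ml;
    out->exp = exp; out->exp_len = el;
    return KG_OK;
fail:
    free(mod); free(exp);
    return KG_ERR_RESPONSE;
}

void free_rsa_pub(rsa_pub_t *k) { free(k->mod); free(k->exp); memset(k, 0, sizeof *k); }
```

Running the hardened parser on a reply whose exponent length overruns the buffer returns KG_ERR_RESPONSE with nothing left allocated, which is the behaviour the 2.1.0 fix restores for the real library.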
Preconditions
- Attacker must control a PIV (FIPS 201) smartcard that the victim host interacts with.
- The host application must call ykpiv_util_generate_key() to initiate private RSA key generation with the malicious card.
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- blog.inhq.net/posts/yubico-libykpiv-vuln/
- www.yubico.com/support/security-advisories/ysa-2020-02/
News mentions
No linked articles in our index yet.