First published: Wed Aug 15 2018(Updated: )
An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `_ykpiv_fetch_object()`: {% highlight c %} if(sw == SW_SUCCESS) { size_t outlen; int offs = _ykpiv_get_length(data + 1, &outlen); if(offs == 0) { return YKPIV_SIZE_ERROR; } memmove(data, data + 1 + offs, outlen); *len = outlen; return YKPIV_OK; } else { return YKPIV_GENERIC_ERROR; } {% endhighlight %} -- in the end, a `memmove()` occurs with a length retrieved from APDU data. This length is not checked for whether it is outside of the APDU data retrieved. Therefore the `memmove()` could copy bytes behind the allocated data buffer into this buffer.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Yubico Piv Manager | <1.4.2 | |
Yubico Piv Manager | =1.4.2 | |
Yubico Piv Manager | =1.4.2b | |
Yubico Piv Manager | =1.4.2c | |
Yubico Piv Manager | =1.4.2d | |
Yubico Piv Manager | =1.4.2e | |
Yubico Piv Manager | =1.4.2f | |
Yubico Piv Manager | =1.4.2g | |
Yubico Piv Tool | <1.6.0 | |
Yubico Smart Card Minidriver | <=3.7.3.160 | |
debian/yubico-piv-tool | 2.2.0-1 2.2.0-1.1 2.5.2-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-14780 is an out-of-bounds read issue in the Yubico-Piv smartcard driver.
CVE-2018-14780 has a severity level of medium.
The Yubico-Piv tool, Yubico Piv Manager, and Yubico Smart Card Minidriver are affected by CVE-2018-14780.
To fix CVE-2018-14780, update your Yubico-Piv tool, Yubico Piv Manager, or Yubico Smart Card Minidriver to the recommended versions.
You can find more information about CVE-2018-14780 on the Openwall and X41-DSEC websites.