- Description
- A buffer overflow issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `ykpiv_transfer_data()`:

{% highlight c %}
if(*out_len + recv_len - 2 > max_out) {
  fprintf(stderr, "Output buffer to small, wanted to write %lu, max was %lu.", *out_len + recv_len - 2, max_out);
}
if(out_data) {
  memcpy(out_data, data, recv_len - 2);
  out_data += recv_len - 2;
  *out_len += recv_len - 2;
}
{% endhighlight %}

The code does check whether the output buffer is large enough for the data about to be copied, but a failed check only prints a message to stderr: nothing returns, breaks or otherwise skips the `memcpy()`, so the copy runs anyway and writes `recv_len - 2` bytes past the end of `out_data`. This code path can be triggered with malicious data coming from a smartcard, since the amount of data copied is dictated by the length of the card's response.
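The pattern the description points at, as an added example that is not code from yubico-piv-tool or from the CVE entry: a cut-down model of the receive loop, once in the vulnerable shape (check, warn, copy anyway) and once hardened so the same check fails closed before `memcpy()`. The `chunk_t` type, the `YKPIV_SIZE_ERROR` name and the two card responses are constructed for this example; a canary region placed after the declared buffer, inside the same array, makes the overrun observable without writing outside any allocation.

```c
#include <stdio.h>
#include <string.h>

/* Constructed example, not code from yubico-piv-tool. Both functions mirror the
 * shape of the receive loop in ykpiv_transfer_data(): each response from the card
 * ends with a two-byte status word (SW1 SW2), so only recv_len - 2 bytes of a
 * chunk are payload. The error-code name and chunk_t are assumptions. */

#define YKPIV_OK          0
#define YKPIV_SIZE_ERROR (-1)   /* assumed name for this example */

/* One simulated response chunk from the card: payload followed by SW1 SW2. */
typedef struct {
    const unsigned char *data;
    size_t len;                 /* includes the two status bytes */
} chunk_t;

/* Vulnerable shape: the size check only prints a warning and then falls through
 * into memcpy(), so a card returning more data than max_out overruns out_data. */
static int transfer_vulnerable(const chunk_t *chunks, size_t nchunks,
                               unsigned char *out_data, size_t *out_len,
                               size_t max_out)
{
    *out_len = 0;
    for (size_t i = 0; i < nchunks; i++) {
        size_t recv_len = chunks[i].len;
        if (*out_len + recv_len - 2 > max_out) {
            fprintf(stderr, "Output buffer too small, wanted to write %zu, max was %zu.\n",
                    *out_len + recv_len - 2, max_out);
            /* no return or break here: the copy below still executes */
        }
        if (out_data) {
            memcpy(out_data, chunks[i].data, recv_len - 2);
            out_data += recv_len - 2;
            *out_len += recv_len - 2;
        }
    }
    return YKPIV_OK;
}

/* Hardened shape: the same condition now fails closed before the copy. It also
 * rejects a chunk shorter than the status word (recv_len - 2 would wrap) and
 * compares against the remaining space so the arithmetic cannot overflow. */
static int transfer_fixed(const chunk_t *chunks, size_t nchunks,
                          unsigned char *out_data, size_t *out_len,
                          size_t max_out)
{
    *out_len = 0;
    for (size_t i = 0; i < nchunks; i++) {
        size_t recv_len = chunks[i].len;
        if (recv_len < 2)
            return YKPIV_SIZE_ERROR;
        if (recv_len - 2 > max_out - *out_len) {
            fprintf(stderr, "Output buffer too small, wanted to write %zu, max was %zu.\n",
                    *out_len + recv_len - 2, max_out);
            return YKPIV_SIZE_ERROR;    /* stop before touching memory */
        }
        if (out_data) {
            memcpy(out_data, chunks[i].data, recv_len - 2);
            out_data += recv_len - 2;
            *out_len += recv_len - 2;
        }
    }
    return YKPIV_OK;
}

typedef int (*transfer_fn)(const chunk_t *, size_t, unsigned char *, size_t *, size_t);

typedef struct {
    int    rc;          /* return code of the variant under test */
    size_t out_len;     /* bytes the variant reported as written */
    size_t clobbered;   /* canary bytes overwritten past the declared buffer */
} demo_result_t;

#define MAX_OUT    16
#define CANARY_LEN 16

/* Drives one variant with two constructed 12-byte responses (24 payload bytes,
 * more than the 16-byte buffer the caller declares). The canary sits directly
 * after the declared buffer in the same array, so an overrun shows up there. */
static demo_result_t run_against_canary(transfer_fn fn)
{
    /* Constructed chunks: 12 payload bytes each, then SW 61 0C / 90 00. */
    static const unsigned char chunk1[] = { 'A','A','A','A','A','A','A','A','A','A','A','A', 0x61, 0x0c };
    static const unsigned char chunk2[] = { 'B','B','B','B','B','B','B','B','B','B','B','B', 0x90, 0x00 };
    chunk_t chunks[2] = { { chunk1, sizeof chunk1 }, { chunk2, sizeof chunk2 } };

    unsigned char buf[MAX_OUT + CANARY_LEN];
    memset(buf, 0x00, MAX_OUT);
    memset(buf + MAX_OUT, 0xCC, CANARY_LEN);

    demo_result_t r = { 0, 0, 0 };
    r.rc = fn(chunks, 2, buf, &r.out_len, MAX_OUT);   /* caller declares MAX_OUT bytes */
    for (size_t i = 0; i < CANARY_LEN; i++)
        if (buf[MAX_OUT + i] != 0xCC)
            r.clobbered++;
    return r;
}

int main(void)
{
    demo_result_t v = run_against_canary(transfer_vulnerable);
    demo_result_t f = run_against_canary(transfer_fixed);
    printf("vulnerable: rc=%d out_len=%zu canary bytes clobbered=%zu\n", v.rc, v.out_len, v.clobbered);
    printf("fixed:      rc=%d out_len=%zu canary bytes clobbered=%zu\n", f.rc, f.out_len, f.clobbered);
    return 0;
}
```

Build with `cc -Wall -o demo demo.c && ./demo`. The vulnerable variant reports 24 bytes written into a 16-byte buffer with 8 canary bytes clobbered; the hardened variant copies the first chunk, refuses the second and returns the error with the canary intact. The check against `max_out - *out_len` rather than `*out_len + recv_len - 2 > max_out` is the detail to carry over when auditing similar loops: it keeps the comparison free of wrap-around even when `recv_len` is attacker-controlled.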
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 3.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 5.9
- Exploitability score
- 0.9
- Vector string
- CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 7.2
- Impact score
- 10
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:C/I:C/A:C
- nvd@nist.gov
- CWE-119
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yubico:piv_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1E9E1480-3B52-4116-A0AC-6D40EF27C705",
"versionEndExcluding": "1.4.2"
},
{
"criteria": "cpe:2.3:a:yubico:piv_manager:1.4.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "78648DEA-0B05-450B-9B69-5A90E0F03B12"
},
{
"criteria": "cpe:2.3:a:yubico:piv_manager:1.4.2b:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F27386DA-D798-442B-AB7A-9F3A8D5298E7"
},
{
"criteria": "cpe:2.3:a:yubico:piv_manager:1.4.2c:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BA320FD3-AE57-4CC3-A00B-915CAE53A9CB"
},
{
"criteria": "cpe:2.3:a:yubico:piv_manager:1.4.2d:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1DCA5A56-4979-4981-ABDC-F6243FEDAA48"
},
{
"criteria": "cpe:2.3:a:yubico:piv_manager:1.4.2e:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A6ABF3B7-521E-42C4-85A9-A867BE87F8E2"
},
{
"criteria": "cpe:2.3:a:yubico:piv_manager:1.4.2f:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6A9DE0A5-2B2D-4669-89F2-306C97445ADB"
},
{
"criteria": "cpe:2.3:a:yubico:piv_manager:1.4.2g:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8A6DCD14-7271-40E3-A9C5-B20EFF6B7495"
},
{
"criteria": "cpe:2.3:a:yubico:piv_tool:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B3DA5613-3B1C-434A-950B-101FE9BEE7A9",
"versionEndExcluding": "1.6.0"
},
{
"criteria": "cpe:2.3:a:yubico:smart_card_minidriver:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "60A34CF9-F5B7-4874-961D-22915C55D60F",
"versionEndIncluding": "3.7.3.160"
}
],
"operator": "OR"
}
]
}
]