- Description
- An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `_ykpiv_fetch_object()`:

  ```c
  if(sw == SW_SUCCESS) {
    size_t outlen;
    int offs = _ykpiv_get_length(data + 1, &outlen);
    if(offs == 0) {
      return YKPIV_SIZE_ERROR;
    }
    /* outlen was parsed from the APDU data and is not bounded here */
    memmove(data, data + 1 + offs, outlen);
    *len = outlen;
    return YKPIV_OK;
  } else {
    return YKPIV_GENERIC_ERROR;
  }
  ```

  The function ends with a `memmove()` whose length is retrieved from the APDU data. This length is not checked against the size of the APDU data actually retrieved, so the `memmove()` could copy bytes from beyond the end of the allocated data buffer into this buffer.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 3.0
- Type
- Primary
- Base score
- 4.6
- Impact score
- 3.6
- Exploitability score
- 0.9
- Vector string
- CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 2.1
- Impact score
- 2.9
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:P/I:N/A:N
- nvd@nist.gov
- CWE-125
```json
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:yubico:piv_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1E9E1480-3B52-4116-A0AC-6D40EF27C705",
            "versionEndExcluding": "1.4.2"
          },
          {
            "criteria": "cpe:2.3:a:yubico:piv_manager:1.4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "78648DEA-0B05-450B-9B69-5A90E0F03B12"
          },
          {
            "criteria": "cpe:2.3:a:yubico:piv_manager:1.4.2b:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F27386DA-D798-442B-AB7A-9F3A8D5298E7"
          },
          {
            "criteria": "cpe:2.3:a:yubico:piv_manager:1.4.2c:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BA320FD3-AE57-4CC3-A00B-915CAE53A9CB"
          },
          {
            "criteria": "cpe:2.3:a:yubico:piv_manager:1.4.2d:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1DCA5A56-4979-4981-ABDC-F6243FEDAA48"
          },
          {
            "criteria": "cpe:2.3:a:yubico:piv_manager:1.4.2e:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A6ABF3B7-521E-42C4-85A9-A867BE87F8E2"
          },
          {
            "criteria": "cpe:2.3:a:yubico:piv_manager:1.4.2f:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6A9DE0A5-2B2D-4669-89F2-306C97445ADB"
          },
          {
            "criteria": "cpe:2.3:a:yubico:piv_manager:1.4.2g:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8A6DCD14-7271-40E3-A9C5-B20EFF6B7495"
          },
          {
            "criteria": "cpe:2.3:a:yubico:piv_tool:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B3DA5613-3B1C-434A-950B-101FE9BEE7A9",
            "versionEndExcluding": "1.6.0"
          },
          {
            "criteria": "cpe:2.3:a:yubico:smart_card_minidriver:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "60A34CF9-F5B7-4874-961D-22915C55D60F",
            "versionEndIncluding": "3.7.3.160"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
```