CVE-2018-14779
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A buffer overflow issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `ykpiv_transfer_data()`: {% highlight c %} if(*out_len + recv_len - 2 > max_out) { fprintf(stderr, "Output buffer to small, wanted to write %lu, max was %lu.", *out_len + recv_len - 2, max_out); } if(out_data) { memcpy(out_data, data, recv_len - 2); out_data += recv_len - 2; *out_len += recv_len - 2; } {% endhighlight %} -- it is clearly checked whether the buffer is big enough to hold the data copied using `memcpy()`, but no error handling happens to avoid the `memcpy()` in such cases. This code path can be triggered with malicious data coming from a smartcard.
Se ha descubierto una vulnerabilidad de desbordamiento de búfer en el controlador de tarjetas inteligentes de Yubico-Piv 1.5.0. El archivo lib/ykpiv.c contiene el siguiente código en la función "ykpiv_transfer_data()": {% highlight c %} if(*out_len + recv_len - 2 > max_out) { fprintf(stderr, "Output buffer to small, wanted to write %lu, max was %lu.", *out_len + recv_len - 2, max_out); } if(out_data) { memcpy(out_data, data, recv_len - 2); out_data += recv_len - 2; *out_len += recv_len - 2; } {% endhighlight %} -- Se comprueba claramente si el búfer es lo suficientemente grande para contener los datos copiados usando "memcpy()", pero no se manejan los errores para evitar el "memcpy()" en estos casos. Esta ruta de código se puede desencadenar con datos maliciosos provenientes de una tarjeta inteligente.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-08-01 CVE Reserved
- 2018-08-14 CVE Published
- 2023-08-09 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-787: Out-of-bounds Write
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2018/08/14/2 | Mailing List |
|
| https://www.x41-dsec.de/lab/advisories/x41-2018-001-Yubico-Piv | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://usn.ubuntu.com/4276-1 | 2020-02-25 | |
| https://www.yubico.com/support/security-advisories/ysa-2018-03 | 2020-02-25 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Yubico Search vendor "Yubico" | Piv Manager Search vendor "Yubico" for product "Piv Manager" | < 1.4.2 Search vendor "Yubico" for product "Piv Manager" and version " < 1.4.2" | - |
Affected
| ||||||
| Yubico Search vendor "Yubico" | Piv Manager Search vendor "Yubico" for product "Piv Manager" | 1.4.2 Search vendor "Yubico" for product "Piv Manager" and version "1.4.2" | - |
Affected
| ||||||
| Yubico Search vendor "Yubico" | Piv Manager Search vendor "Yubico" for product "Piv Manager" | 1.4.2b Search vendor "Yubico" for product "Piv Manager" and version "1.4.2b" | - |
Affected
| ||||||
| Yubico Search vendor "Yubico" | Piv Manager Search vendor "Yubico" for product "Piv Manager" | 1.4.2c Search vendor "Yubico" for product "Piv Manager" and version "1.4.2c" | - |
Affected
| ||||||
| Yubico Search vendor "Yubico" | Piv Manager Search vendor "Yubico" for product "Piv Manager" | 1.4.2d Search vendor "Yubico" for product "Piv Manager" and version "1.4.2d" | - |
Affected
| ||||||
| Yubico Search vendor "Yubico" | Piv Manager Search vendor "Yubico" for product "Piv Manager" | 1.4.2e Search vendor "Yubico" for product "Piv Manager" and version "1.4.2e" | - |
Affected
| ||||||
| Yubico Search vendor "Yubico" | Piv Manager Search vendor "Yubico" for product "Piv Manager" | 1.4.2f Search vendor "Yubico" for product "Piv Manager" and version "1.4.2f" | - |
Affected
| ||||||
| Yubico Search vendor "Yubico" | Piv Manager Search vendor "Yubico" for product "Piv Manager" | 1.4.2g Search vendor "Yubico" for product "Piv Manager" and version "1.4.2g" | - |
Affected
| ||||||
| Yubico Search vendor "Yubico" | Piv Tool Search vendor "Yubico" for product "Piv Tool" | < 1.6.0 Search vendor "Yubico" for product "Piv Tool" and version " < 1.6.0" | - |
Affected
| ||||||
| Yubico Search vendor "Yubico" | Smart Card Minidriver Search vendor "Yubico" for product "Smart Card Minidriver" | <= 3.7.3.160 Search vendor "Yubico" for product "Smart Card Minidriver" and version " <= 3.7.3.160" | - |
Affected
| ||||||