CVE-2018-14780
Descriptions
An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `_ykpiv_fetch_object()`:

```c
if(sw == SW_SUCCESS) {
  size_t outlen;
  int offs = _ykpiv_get_length(data + 1, &outlen);
  if(offs == 0) {
    return YKPIV_SIZE_ERROR;
  }
  memmove(data, data + 1 + offs, outlen);
  *len = outlen;
  return YKPIV_OK;
} else {
  return YKPIV_GENERIC_ERROR;
}
```

In the end, a `memmove()` occurs with a length retrieved from the APDU data. This length is never checked against the amount of APDU data actually received, so the `memmove()` can copy bytes from beyond the allocated data buffer into this buffer.
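The missing check described above, as an added example (not code from Yubico's libykpiv): a hardened fetch that decodes the BER-style length (assumed here to be the short, 0x81 and 0x82 forms) and refuses the `memmove()` when the encoded length exceeds the bytes actually received. Function names and the sample responses are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define OK          0
#define SIZE_ERROR  (-1)

/* Decode a BER-style length at buf[0..]: 0x00-0x7f short form, 0x81 one
 * extra byte, 0x82 two extra bytes (assumed encoding). Returns the number
 * of length bytes consumed, or 0 on error. Never reads beyond 'avail'. */
static int get_length_checked(const uint8_t *buf, size_t avail, size_t *outlen) {
  if (avail < 1) return 0;
  if (buf[0] < 0x80) { *outlen = buf[0]; return 1; }
  if (buf[0] == 0x81) {
    if (avail < 2) return 0;
    *outlen = buf[1]; return 2;
  }
  if (buf[0] == 0x82) {
    if (avail < 3) return 0;
    *outlen = ((size_t)buf[1] << 8) | buf[2]; return 3;
  }
  return 0;
}

/* Hardened fetch: 'data' holds 'received' bytes of APDU response
 * (tag byte, length, value). The value is moved to the front of 'data'
 * only if the encoded length fits inside what was actually received. */
int fetch_object_checked(uint8_t *data, size_t received, size_t *len) {
  size_t outlen;
  int offs;
  if (received < 2) return SIZE_ERROR;            /* need tag + length */
  offs = get_length_checked(data + 1, received - 1, &outlen);
  if (offs == 0) return SIZE_ERROR;
  /* The check the original code lacks: value must lie inside the buffer. */
  if (outlen > received - 1 - (size_t)offs) return SIZE_ERROR;
  memmove(data, data + 1 + offs, outlen);
  *len = outlen;
  return OK;
}

/* Constructed sample responses (not captured from a real device). */
static uint8_t good_resp[] = { 0x53, 0x03, 0xAA, 0xBB, 0xCC };       /* len 3, 3 bytes present */
static uint8_t bad_resp[]  = { 0x53, 0x82, 0x10, 0x00, 0xAA, 0xBB };  /* claims 4096, 2 present */

int demo_good(void) {
  size_t n;
  return fetch_object_checked(good_resp, sizeof good_resp, &n) == OK
         && n == 3 && good_resp[0] == 0xAA && good_resp[2] == 0xCC;
}
int demo_bad(void) {
  size_t n;
  return fetch_object_checked(bad_resp, sizeof bad_resp, &n) == SIZE_ERROR;
}
```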
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-08-01 CVE Reserved
- 2018-08-14 CVE Published
- 2023-08-09 EPSS Updated
- 2024-08-05 CVE Updated
CWE
- CWE-125: Out-of-bounds Read
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
http://www.openwall.com/lists/oss-security/2018/08/14/2 | Mailing List | |
https://www.x41-dsec.de/lab/advisories/x41-2018-001-Yubico-Piv | Third Party Advisory | |

URL | Date | SRC |
---|---|---|
https://usn.ubuntu.com/4276-1 | 2020-02-25 | |
https://www.yubico.com/support/security-advisories/ysa-2018-03 | 2020-02-25 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Yubico | Piv Manager | < 1.4.2 | - | Affected |
Yubico | Piv Manager | 1.4.2 | - | Affected |
Yubico | Piv Manager | 1.4.2b | - | Affected |
Yubico | Piv Manager | 1.4.2c | - | Affected |
Yubico | Piv Manager | 1.4.2d | - | Affected |
Yubico | Piv Manager | 1.4.2e | - | Affected |
Yubico | Piv Manager | 1.4.2f | - | Affected |
Yubico | Piv Manager | 1.4.2g | - | Affected |
Yubico | Piv Tool | < 1.6.0 | - | Affected |
Yubico | Smart Card Minidriver | <= 3.7.3.160 | - | Affected |