Homepage

Out-of-bounds Read Affecting yubico-piv-tool package, versions <1.6.1-1

Severity

 Recommended
low

Based on Debian security rating.

Threat Intelligence

EPSS
0.12% (47th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-DEBIAN11-YUBICOPIVTOOL-528780
  • published15 Aug 2018
  • disclosed15 Aug 2018
Report a new vulnerability Found a mistake?

Introduced: 15 Aug 2018

CVE-2018-14780  (opens in a new tab)
CWE-125  (opens in a new tab)

How to fix?

Upgrade Debian:11 yubico-piv-tool to version 1.6.1-1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream yubico-piv-tool package and not the yubico-piv-tool package as distributed by Debian. See How to fix? for Debian:11 relevant fixed versions and status.

An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function _ykpiv_fetch_object(): {% highlight c %} if(sw == SW_SUCCESS) { size_t outlen; int offs = _ykpiv_get_length(data + 1, &outlen); if(offs == 0) { return YKPIV_SIZE_ERROR; } memmove(data, data + 1 + offs, outlen); *len = outlen; return YKPIV_OK; } else { return YKPIV_GENERIC_ERROR; } {% endhighlight %} -- in the end, a memmove() occurs with a length retrieved from APDU data. This length is not checked for whether it is outside of the APDU data retrieved. Therefore the memmove() could copy bytes behind the allocated data buffer into this buffer.