Homepage

Out-of-bounds Read Affecting yubico-piv-tool package, versions <1.5.0-3.3.33

Severity

 Recommended
0.0
low
0
10

Based on SUSE Linux Enterprise Server security rating.

Threat Intelligence

EPSS
0.12% (47th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-SLES150-YUBICOPIVTOOL-2751465
  • published14 Apr 2022
  • disclosed30 Apr 2019
Report a new vulnerability Found a mistake?

Introduced: 30 Apr 2019

CVE-2018-14780  (opens in a new tab)
CWE-125  (opens in a new tab)

How to fix?

Upgrade SLES:15.0 yubico-piv-tool to version 1.5.0-3.3.33 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream yubico-piv-tool package and not the yubico-piv-tool package as distributed by SLES. See How to fix? for SLES:15.0 relevant fixed versions and status.

An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function _ykpiv_fetch_object(): {% highlight c %} if(sw == SW_SUCCESS) { size_t outlen; int offs = _ykpiv_get_length(data + 1, &outlen); if(offs == 0) { return YKPIV_SIZE_ERROR; } memmove(data, data + 1 + offs, outlen); *len = outlen; return YKPIV_OK; } else { return YKPIV_GENERIC_ERROR; } {% endhighlight %} -- in the end, a memmove() occurs with a length retrieved from APDU data. This length is not checked for whether it is outside of the APDU data retrieved. Therefore the memmove() could copy bytes behind the allocated data buffer into this buffer.