Vulnerability Details CVE-2018-14779
A buffer overflow issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `ykpiv_transfer_data()`: {% highlight c %} if(*out_len + recv_len - 2 > max_out) { fprintf(stderr, "Output buffer to small, wanted to write %lu, max was %lu.", *out_len + recv_len - 2, max_out); } if(out_data) { memcpy(out_data, data, recv_len - 2); out_data += recv_len - 2; *out_len += recv_len - 2; } {% endhighlight %} -- it is clearly checked whether the buffer is big enough to hold the data copied using `memcpy()`, but no error handling happens to avoid the `memcpy()` in such cases. This code path can be triggered with malicious data coming from a smartcard.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 39.5%
CVSS Severity
CVSS v3 Score 6.8
CVSS v2 Score 7.2
References
- http://www.openwall.com/lists/oss-security/2018/08/14/2
- https://usn.ubuntu.com/4276-1/
- https://www.x41-dsec.de/lab/advisories/x41-2018-001-Yubico-Piv/
- https://www.yubico.com/support/security-advisories/ysa-2018-03/
- http://www.openwall.com/lists/oss-security/2018/08/14/2
- https://usn.ubuntu.com/4276-1/
- https://www.x41-dsec.de/lab/advisories/x41-2018-001-Yubico-Piv/
- https://www.yubico.com/support/security-advisories/ysa-2018-03/
Products affected by CVE-2018-14779
-
cpe:2.3:a:yubico:piv_manager:1.0.0
-
cpe:2.3:a:yubico:piv_manager:1.0.1
-
cpe:2.3:a:yubico:piv_manager:1.0.2
-
cpe:2.3:a:yubico:piv_manager:1.1.0
-
cpe:2.3:a:yubico:piv_manager:1.1.1
-
cpe:2.3:a:yubico:piv_manager:1.2.0
-
cpe:2.3:a:yubico:piv_manager:1.2.1
-
cpe:2.3:a:yubico:piv_manager:1.3.0
-
cpe:2.3:a:yubico:piv_manager:1.3.0b
-
cpe:2.3:a:yubico:piv_manager:1.4.0
-
cpe:2.3:a:yubico:piv_manager:1.4.1
-
cpe:2.3:a:yubico:piv_manager:1.4.2
-
cpe:2.3:a:yubico:piv_manager:1.4.2b
-
cpe:2.3:a:yubico:piv_manager:1.4.2c
-
cpe:2.3:a:yubico:piv_manager:1.4.2d
-
cpe:2.3:a:yubico:piv_manager:1.4.2e
-
cpe:2.3:a:yubico:piv_manager:1.4.2f
-
cpe:2.3:a:yubico:piv_manager:1.4.2g
-
cpe:2.3:a:yubico:piv_tool:0.0.1
-
cpe:2.3:a:yubico:piv_tool:0.0.2
-
cpe:2.3:a:yubico:piv_tool:0.0.3
-
cpe:2.3:a:yubico:piv_tool:0.1.0
-
cpe:2.3:a:yubico:piv_tool:0.1.1
-
cpe:2.3:a:yubico:piv_tool:0.1.2
-
cpe:2.3:a:yubico:piv_tool:0.1.3
-
cpe:2.3:a:yubico:piv_tool:0.1.4
-
cpe:2.3:a:yubico:piv_tool:0.1.5
-
cpe:2.3:a:yubico:piv_tool:0.1.6
-
cpe:2.3:a:yubico:piv_tool:1.0.0
-
cpe:2.3:a:yubico:piv_tool:1.0.1
-
cpe:2.3:a:yubico:piv_tool:1.0.2
-
cpe:2.3:a:yubico:piv_tool:1.0.3
-
cpe:2.3:a:yubico:piv_tool:1.1.0
-
cpe:2.3:a:yubico:piv_tool:1.1.1
-
cpe:2.3:a:yubico:piv_tool:1.1.2
-
cpe:2.3:a:yubico:piv_tool:1.2.0
-
cpe:2.3:a:yubico:piv_tool:1.2.1
-
cpe:2.3:a:yubico:piv_tool:1.2.2
-
cpe:2.3:a:yubico:piv_tool:1.3.0
-
cpe:2.3:a:yubico:piv_tool:1.3.1
-
cpe:2.3:a:yubico:piv_tool:1.4.0
-
cpe:2.3:a:yubico:piv_tool:1.4.1
-
cpe:2.3:a:yubico:piv_tool:1.4.2
-
cpe:2.3:a:yubico:piv_tool:1.4.3
-
cpe:2.3:a:yubico:piv_tool:1.4.4
-
cpe:2.3:a:yubico:piv_tool:1.5.0
-
cpe:2.3:a:yubico:smart_card_minidriver:3.7.0.152