CVE-2018-14779

{"id": "CVE-2018-14779", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.8, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}]}, "published": "2018-08-15T18:29:00.747", "references": [{"url": "http://www.openwall.com/lists/oss-security/2018/08/14/2", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://usn.ubuntu.com/4276-1/", "source": "cve@mitre.org"}, {"url": "https://www.x41-dsec.de/lab/advisories/x41-2018-001-Yubico-Piv/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.yubico.com/support/security-advisories/ysa-2018-03/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "A buffer overflow issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `ykpiv_transfer_data()`: {% highlight c %} if(*out_len + recv_len - 2 > max_out) { fprintf(stderr, \"Output buffer to small, wanted to write %lu, max was %lu.\", *out_len + recv_len - 2, max_out); } if(out_data) { memcpy(out_data, data, recv_len - 2); out_data += recv_len - 2; *out_len += recv_len - 2; } {% endhighlight %} -- it is clearly checked whether the buffer is big enough to hold the data copied using `memcpy()`, but no error handling happens to avoid the `memcpy()` in such cases. This code path can be triggered with malicious data coming from a smartcard."}, {"lang": "es", "value": "Se ha descubierto una vulnerabilidad de desbordamiento de b\u00fafer en el controlador de tarjetas inteligentes de Yubico-Piv 1.5.0. El archivo lib/ykpiv.c contiene el siguiente c\u00f3digo en la funci\u00f3n \"ykpiv_transfer_data()\": {% highlight c %} if(*out_len + recv_len - 2 > max_out) { fprintf(stderr, \"Output buffer to small, wanted to write %lu, max was %lu.\", *out_len + recv_len - 2, max_out); } if(out_data) { memcpy(out_data, data, recv_len - 2); out_data += recv_len - 2; *out_len += recv_len - 2; } {% endhighlight %} -- Se comprueba claramente si el b\u00fafer es lo suficientemente grande para contener los datos copiados usando \"memcpy()\", pero no se manejan los errores para evitar el \"memcpy()\" en estos casos. Esta ruta de c\u00f3digo se puede desencadenar con datos maliciosos provenientes de una tarjeta inteligente."}], "lastModified": "2020-02-25T04:15:10.973", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:yubico:piv_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E9E1480-3B52-4116-A0AC-6D40EF27C705", "versionEndExcluding": "1.4.2"}, {"criteria": "cpe:2.3:a:yubico:piv_manager:1.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78648DEA-0B05-450B-9B69-5A90E0F03B12"}, {"criteria": "cpe:2.3:a:yubico:piv_manager:1.4.2b:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F27386DA-D798-442B-AB7A-9F3A8D5298E7"}, {"criteria": "cpe:2.3:a:yubico:piv_manager:1.4.2c:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA320FD3-AE57-4CC3-A00B-915CAE53A9CB"}, {"criteria": "cpe:2.3:a:yubico:piv_manager:1.4.2d:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1DCA5A56-4979-4981-ABDC-F6243FEDAA48"}, {"criteria": "cpe:2.3:a:yubico:piv_manager:1.4.2e:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6ABF3B7-521E-42C4-85A9-A867BE87F8E2"}, {"criteria": "cpe:2.3:a:yubico:piv_manager:1.4.2f:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A9DE0A5-2B2D-4669-89F2-306C97445ADB"}, {"criteria": "cpe:2.3:a:yubico:piv_manager:1.4.2g:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A6DCD14-7271-40E3-A9C5-B20EFF6B7495"}, {"criteria": "cpe:2.3:a:yubico:piv_tool:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3DA5613-3B1C-434A-950B-101FE9BEE7A9", "versionEndExcluding": "1.6.0"}, {"criteria": "cpe:2.3:a:yubico:smart_card_minidriver:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "60A34CF9-F5B7-4874-961D-22915C55D60F", "versionEndIncluding": "3.7.3.160"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}