Vulnerability Details : CVE-2018-14779
A buffer overflow issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `ykpiv_transfer_data()`:

```c
if(*out_len + recv_len - 2 > max_out) {
  fprintf(stderr, "Output buffer to small, wanted to write %lu, max was %lu.", *out_len + recv_len - 2, max_out);
  /* no return or error code here: execution continues to the memcpy() below */
}
if(out_data) {
  memcpy(out_data, data, recv_len - 2);
  out_data += recv_len - 2;
  *out_len += recv_len - 2;
}
```

The code checks whether the buffer is big enough to hold the data copied using `memcpy()`, but there is no error handling to avoid the `memcpy()` when the check fails. This code path can be triggered with malicious data coming from a smartcard.
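The same check-then-copy step, written so that a failed bounds check stops the copy. This is an added example, not code from this page and not Yubico's actual fix; `append_chunk`, the `chunk_status` values and the sample bytes are hypothetical, and the `recv_len < 2` guard is an added assumption about malformed input.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical names for illustration; not the ykpiv API. */
enum chunk_status { CHUNK_OK = 0, CHUNK_MALFORMED = -1, CHUNK_TOO_LARGE = -2 };

/* Append one response chunk (payload + 2-byte status word) to out_data.
 * *out_len: bytes already stored; max_out: capacity of out_data.
 * Nothing is copied unless the payload fits in the remaining space. */
static int append_chunk(unsigned char *out_data, size_t *out_len, size_t max_out,
                        const unsigned char *data, size_t recv_len)
{
    size_t payload;

    /* Assumption: a chunk shorter than the status word is malformed.
     * Rejecting it also keeps recv_len - 2 from wrapping around. */
    if (recv_len < 2)
        return CHUNK_MALFORMED;
    payload = recv_len - 2;

    /* Compare against the remaining space so the sum cannot overflow, and
     * return an error instead of only logging when the chunk does not fit. */
    if (*out_len > max_out || payload > max_out - *out_len)
        return CHUNK_TOO_LARGE;

    if (out_data != NULL) {
        memcpy(out_data + *out_len, data, payload);
        *out_len += payload;
    }
    return CHUNK_OK;
}

int main(void)
{
    /* Constructed sample chunks: payload bytes followed by status word 90 00. */
    const unsigned char fits[] = { 1, 2, 3, 4, 0x90, 0x00 };
    const unsigned char too_big[] = { 5, 6, 7, 8, 9, 0x90, 0x00 };
    unsigned char buf[8];
    size_t len = 0;

    if (append_chunk(buf, &len, sizeof buf, fits, sizeof fits) != CHUNK_OK)
        return 1;
    /* 4 bytes stored, 4 left: a 5-byte payload must be refused, len unchanged. */
    if (append_chunk(buf, &len, sizeof buf, too_big, sizeof too_big) != CHUNK_TOO_LARGE)
        return 1;
    return len == 4 ? 0 : 1;
}
```

The caller has to treat any non-zero return as a failed transfer and stop using the buffer contents; logging alone, as in the vulnerable snippet, leaves the write in place.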
Vulnerability category: Overflow, Memory Corruption
Products affected by CVE-2018-14779
- cpe:2.3:a:yubico:piv_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:yubico:piv_manager:1.4.2g:*:*:*:*:*:*:*
- cpe:2.3:a:yubico:piv_manager:1.4.2f:*:*:*:*:*:*:*
- cpe:2.3:a:yubico:piv_manager:1.4.2d:*:*:*:*:*:*:*
- cpe:2.3:a:yubico:piv_manager:1.4.2b:*:*:*:*:*:*:*
- cpe:2.3:a:yubico:piv_manager:1.4.2e:*:*:*:*:*:*:*
- cpe:2.3:a:yubico:piv_manager:1.4.2c:*:*:*:*:*:*:*
- cpe:2.3:a:yubico:piv_manager:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:yubico:smart_card_minidriver:*:*:*:*:*:*:*:*
- cpe:2.3:a:yubico:piv_tool:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-14779
- 0.17%: Probability of exploitation activity in the next 30 days
- ~36%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-14779
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST | |
6.8 | MEDIUM | CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 0.9 | 5.9 | NIST | |
CWE ids for CVE-2018-14779
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Assigned by: nvd@nist.gov (Primary)
- The product writes data past the end, or before the beginning, of the intended buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-14779
- https://www.yubico.com/support/security-advisories/ysa-2018-03/
  Security Advisory 2018-08-08 | Yubico (Vendor Advisory)
- https://www.x41-dsec.de/lab/advisories/x41-2018-001-Yubico-Piv/
  Advisory X41-2018-001: Multiple Vulnerabilities in Yubico-Piv | X41 D-SEC GmbH (Third Party Advisory)
- https://usn.ubuntu.com/4276-1/
  USN-4276-1: Yubico PIV Tool vulnerabilities | Ubuntu security notices
- http://www.openwall.com/lists/oss-security/2018/08/14/2
  oss-security - X41 D-Sec GmbH Security Advisory X41-2018-001: Multiple Vulnerabilities in Yubico Piv (Mailing List; Third Party Advisory)