Lucene search

K
ubuntucveUbuntu.comUB:CVE-2018-14780
HistoryAug 15, 2018 - 12:00 a.m.

CVE-2018-14780

2018-08-1500:00:00
ubuntu.com
ubuntu.com
7

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

46.1%

An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0
smartcard driver. The file lib/ykpiv.c contains the following code in the
function _ykpiv_fetch_object(): {% highlight c %} if(sw == SW_SUCCESS) {
size_t outlen; int offs = _ykpiv_get_length(data + 1, &outlen); if(offs ==
0) { return YKPIV_SIZE_ERROR; } memmove(data, data + 1 + offs, outlen);
*len = outlen; return YKPIV_OK; } else { return YKPIV_GENERIC_ERROR; } {%
endhighlight %} – in the end, a memmove() occurs with a length retrieved
from APDU data. This length is not checked for whether it is outside of the
APDU data retrieved. Therefore the memmove() could copy bytes behind the
allocated data buffer into this buffer.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchyubico-piv-tool< 1.4.2-2ubuntu0.1UNKNOWN
ubuntu16.04noarchyubico-piv-tool< 1.0.3-1ubuntu0.1~esm1UNKNOWN

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

46.1%