CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS
Percentile
41.5%
An issue was discovered in Yubico libykpiv before 2.1.0. lib/util.c in this
library (which is included in yubico-piv-tool) does not properly check
embedded length fields during device communication. A malicious PIV token
can misreport the returned length fields during RSA key generation. This
will cause stack memory to be copied into heap allocated memory that gets
returned to the caller. The leaked memory could include PINs, passwords,
key material, and other sensitive information depending on the integration.
During further processing by the caller, this information could leak across
trust boundaries. Note that RSA key generation is triggered by the host and
cannot directly be triggered by the token.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | yubico-piv-tool | < any | UNKNOWN |
ubuntu | 20.04 | noarch | yubico-piv-tool | < any | UNKNOWN |
ubuntu | 16.04 | noarch | yubico-piv-tool | < any | UNKNOWN |
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS
Percentile
41.5%