admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2018/CVE-2018-147xx/CVE-2018-14779.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

175 lines
6.6 KiB
JSON
Raw Blame History

{
"id": "CVE-2018-14779",
"sourceIdentifier": "cve@mitre.org",
"published": "2018-08-15T18:29:00.747",
"lastModified": "2020-02-25T04:15:10.973",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `ykpiv_transfer_data()`: {% highlight c %} if(*out_len + recv_len - 2 > max_out) { fprintf(stderr, \"Output buffer to small, wanted to write %lu, max was %lu.\", *out_len + recv_len - 2, max_out); } if(out_data) { memcpy(out_data, data, recv_len - 2); out_data += recv_len - 2; *out_len += recv_len - 2; } {% endhighlight %} -- it is clearly checked whether the buffer is big enough to hold the data copied using `memcpy()`, but no error handling happens to avoid the `memcpy()` in such cases. This code path can be triggered with malicious data coming from a smartcard."
},
{
"lang": "es",
"value": "Se ha descubierto una vulnerabilidad de desbordamiento de b\u00fafer en el controlador de tarjetas inteligentes de Yubico-Piv 1.5.0. El archivo lib/ykpiv.c contiene el siguiente c\u00f3digo en la funci\u00f3n \"ykpiv_transfer_data()\": {% highlight c %} if(*out_len + recv_len - 2 > max_out) { fprintf(stderr, \"Output buffer to small, wanted to write %lu, max was %lu.\", *out_len + recv_len - 2, max_out); } if(out_data) { memcpy(out_data, data, recv_len - 2); out_data += recv_len - 2; *out_len += recv_len - 2; } {% endhighlight %} -- Se comprueba claramente si el b\u00fafer es lo suficientemente grande para contener los datos copiados usando \"memcpy()\", pero no se manejan los errores para evitar el \"memcpy()\" en estos casos. Esta ruta de c\u00f3digo se puede desencadenar con datos maliciosos provenientes de una tarjeta inteligente."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector": "LOCAL",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2
},
"baseSeverity": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yubico:piv_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.4.2",
"matchCriteriaId": "1E9E1480-3B52-4116-A0AC-6D40EF27C705"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yubico:piv_manager:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "78648DEA-0B05-450B-9B69-5A90E0F03B12"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yubico:piv_manager:1.4.2b:*:*:*:*:*:*:*",
"matchCriteriaId": "F27386DA-D798-442B-AB7A-9F3A8D5298E7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yubico:piv_manager:1.4.2c:*:*:*:*:*:*:*",
"matchCriteriaId": "BA320FD3-AE57-4CC3-A00B-915CAE53A9CB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yubico:piv_manager:1.4.2d:*:*:*:*:*:*:*",
"matchCriteriaId": "1DCA5A56-4979-4981-ABDC-F6243FEDAA48"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yubico:piv_manager:1.4.2e:*:*:*:*:*:*:*",
"matchCriteriaId": "A6ABF3B7-521E-42C4-85A9-A867BE87F8E2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yubico:piv_manager:1.4.2f:*:*:*:*:*:*:*",
"matchCriteriaId": "6A9DE0A5-2B2D-4669-89F2-306C97445ADB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yubico:piv_manager:1.4.2g:*:*:*:*:*:*:*",
"matchCriteriaId": "8A6DCD14-7271-40E3-A9C5-B20EFF6B7495"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yubico:piv_tool:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.6.0",
"matchCriteriaId": "B3DA5613-3B1C-434A-950B-101FE9BEE7A9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yubico:smart_card_minidriver:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.7.3.160",
"matchCriteriaId": "60A34CF9-F5B7-4874-961D-22915C55D60F"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2018/08/14/2",
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://usn.ubuntu.com/4276-1/",
"source": "cve@mitre.org"
},
{
"url": "https://www.x41-dsec.de/lab/advisories/x41-2018-001-Yubico-Piv/",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.yubico.com/support/security-advisories/ysa-2018-03/",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink