admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2018/CVE-2018-147xx/CVE-2018-14780.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

171 lines
6.4 KiB
JSON
Raw Blame History

{
"id": "CVE-2018-14780",
"sourceIdentifier": "cve@mitre.org",
"published": "2018-08-15T18:29:00.887",
"lastModified": "2020-02-25T04:15:11.223",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `_ykpiv_fetch_object()`: {% highlight c %} if(sw == SW_SUCCESS) { size_t outlen; int offs = _ykpiv_get_length(data + 1, &outlen); if(offs == 0) { return YKPIV_SIZE_ERROR; } memmove(data, data + 1 + offs, outlen); *len = outlen; return YKPIV_OK; } else { return YKPIV_GENERIC_ERROR; } {% endhighlight %} -- in the end, a `memmove()` occurs with a length retrieved from APDU data. This length is not checked for whether it is outside of the APDU data retrieved. Therefore the `memmove()` could copy bytes behind the allocated data buffer into this buffer."
},
{
"lang": "es",
"value": "Se ha descubierto una vulnerabilidad de lectura fuera de l\u00edmites en el controlador de tarjetas inteligentes de Yubico-Piv 1.5.0. El archivo lib/ykpiv.c contiene el siguiente c\u00f3digo en la funci\u00f3n \"_ykpiv_fetch_object()\": {% highlight c %} if(sw == SW_SUCCESS) { size_t outlen; int offs = _ykpiv_get_length(data + 1, outlen); if(offs == 0) { return YKPIV_SIZE_ERROR; } memmove(data, data + 1 + offs, outlen); *len = outlen; return YKPIV_OK; } else { return YKPIV_GENERIC_ERROR; } {% endhighlight %} -- Al final, ocurre un \"memmove()\" con una longitud recuperada de los datos APDU. No se comprueba si la longitud es de fuera de los datos APDU recuperados. Por lo tanto, \"memmove()\" podr\u00eda copiar bytes de detr\u00e1s del b\u00fafer de datos asignado en este b\u00fafer."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"accessVector": "LOCAL",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1
},
"baseSeverity": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yubico:piv_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.4.2",
"matchCriteriaId": "1E9E1480-3B52-4116-A0AC-6D40EF27C705"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yubico:piv_manager:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "78648DEA-0B05-450B-9B69-5A90E0F03B12"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yubico:piv_manager:1.4.2b:*:*:*:*:*:*:*",
"matchCriteriaId": "F27386DA-D798-442B-AB7A-9F3A8D5298E7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yubico:piv_manager:1.4.2c:*:*:*:*:*:*:*",
"matchCriteriaId": "BA320FD3-AE57-4CC3-A00B-915CAE53A9CB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yubico:piv_manager:1.4.2d:*:*:*:*:*:*:*",
"matchCriteriaId": "1DCA5A56-4979-4981-ABDC-F6243FEDAA48"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yubico:piv_manager:1.4.2e:*:*:*:*:*:*:*",
"matchCriteriaId": "A6ABF3B7-521E-42C4-85A9-A867BE87F8E2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yubico:piv_manager:1.4.2f:*:*:*:*:*:*:*",
"matchCriteriaId": "6A9DE0A5-2B2D-4669-89F2-306C97445ADB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yubico:piv_manager:1.4.2g:*:*:*:*:*:*:*",
"matchCriteriaId": "8A6DCD14-7271-40E3-A9C5-B20EFF6B7495"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yubico:piv_tool:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.6.0",
"matchCriteriaId": "B3DA5613-3B1C-434A-950B-101FE9BEE7A9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yubico:smart_card_minidriver:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.7.3.160",
"matchCriteriaId": "60A34CF9-F5B7-4874-961D-22915C55D60F"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2018/08/14/2",
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://usn.ubuntu.com/4276-1/",
"source": "cve@mitre.org"
},
{
"url": "https://www.x41-dsec.de/lab/advisories/x41-2018-001-Yubico-Piv/",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.yubico.com/support/security-advisories/ysa-2018-03/",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink