7 matches found
Ubuntu 16.04 ESM : Yubico PIV Tool vulnerabilities (USN-4846-1)
The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4846-1 advisory. It was discovered that libykpiv, a supporting library of the Yubico PIV tool and YubiKey PIV Manager, mishandled specially crafted input. An attacker wit...
SUSE SLED15 / SLES15 Security Update : yubico-piv-tool (SUSE-SU-2019:1123-1)
This update for yubico-piv-tool fixes the following issues : Security issues fixed : Fixed an buffer overflow and an out of bounds memory read in ykpivtransferdata, which could be triggered by a malicious token. CVE-2018-14779, bsc1104809, YSA-2018-03 Fixed an buffer overflow and an out of bounds...
openSUSE: Security Advisory for yubico-piv-tool (openSUSE-SU-2018:2623-1)
The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE Security Update : yubico-piv-tool (openSUSE-2018-969)
This update for yubico-piv-tool fixes the following issues : Security issues fixed : - CVE-2018-14779: Fixed an buffer overflow and an out of bounds memory read in ykpivtransferdata, which could be triggered by a malicious token. boo1104809, YSA-2018-03 - CVE-2018-14780: Fixed an buffer overflow...
Yubico PIV Tool 1.5.0 Buffer Overflow Vulnerability
A buffer overflow and an out of bounds memory read were identified in the yubico-piv-tool-1.5.0, these can be triggered by a malicious token. Multiple Vulnerabilities in Yubico Piv ====================================== Overview - -------- Confirmed Affected Versions: 1.5.0 Confirmed Patched...
CVE-2018-14779
A buffer overflow issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function ykpivtransferdata: % highlight c % ifoutlen + recvlen - 2 maxout fprintfstderr, "Output buffer to small, wanted to write %lu, max was %lu.", outlen +...
CVE-2018-14779
CVE-2018-14779 describes a buffer overflow in the Yubico PIV library (libykpiv) used by the YubiKey PIV tool. The NVD report centers on Yubico-Piv 1.5.0’s smartcard driver, where the function ykpiv_transfer_data() checks buffer size but does not prevent a memcpy when the input is malicious, allow...