Search CVE reports
1 – 4 of 4 results
An issue was discovered in Yubico libykpiv before 2.1.0. An attacker can trigger an incorrect free() in the ykpiv_util_generate_key() function in lib/util.c through incorrect error handling code. This could be used to cause a...
1 affected package
yubico-piv-tool
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| yubico-piv-tool | Not affected | Not affected | Needs evaluation | Needs evaluation |
An issue was discovered in Yubico libykpiv before 2.1.0. lib/util.c in this library (which is included in yubico-piv-tool) does not properly check embedded length fields during device communication. A malicious PIV token can...
1 affected package
yubico-piv-tool
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| yubico-piv-tool | Not affected | Not affected | Needs evaluation | Needs evaluation |
Some fixes available 2 of 4
An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `_ykpiv_fetch_object()`: {% highlight c %} if(sw == SW_SUCCESS) { size_t outlen;...
1 affected package
yubico-piv-tool
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| yubico-piv-tool | — | Not affected | Not affected | Fixed |
Some fixes available 2 of 4
A buffer overflow issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `ykpiv_transfer_data()`: {% highlight c %} if(*out_len + recv_len - 2 > max_out) {...
1 affected package
yubico-piv-tool
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| yubico-piv-tool | — | Not affected | Not affected | Fixed |