Download
| Alert*
|
oval:org.secpod.oval:def:61802
yubico-piv-tool: Command line tool for the YubiKey PIV applet Yubico PIV Tool could be made to crash or run programs as an administrator if it received specially crafted input. oval:org.secpod.oval:def:705377 yubico-piv-tool: Command line tool for the YubiKey PIV applet Yubico PIV Tool could be made to crash or run programs as an administrator if it received specially crafted input. oval:org.secpod.oval:def:89050901 This update for yubico-piv-tool fixes the following issues: Security issues fixed: - Fixed an buffer overflow and an out of bounds memory read in ykpiv_transfer_data, which could be triggered by a malicious token. - Fixed an buffer overflow and an out of bounds memory read in _ykpiv_fetch_object, w ... oval:org.secpod.oval:def:2000400 An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `_ykpiv_fetch_object`: {% highlight c %} if { size_t outlen; int offs = _ykpiv_get_length; if { return YKPIV_SIZE_ERROR; } memmove; *len = outlen; ret ... |
