An issue was discovered in Yubico libykpiv before 2.1.0. lib/util.c in this
library (which is included in yubico-piv-tool) does not properly check
embedded length fields during device communication. A malicious PIV token
can misreport the returned length fields during RSA key generation. This
will cause stack memory to be copied into heap allocated memory that gets
returned to the caller. The leaked memory could include PINs, passwords,
key material, and other sensitive information depending on the integration.
During further processing by the caller, this information could leak across
trust boundaries. Note that RSA key generation is triggered by the host and
cannot directly be triggered by the token.
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):needs-triage
Ubuntu 18.04 LTS (Bionic Beaver):needs-triage
Ubuntu 20.04 LTS (Focal Fossa):needs-triage
Ubuntu 20.10 (Groovy Gorilla):needs-triage
More Information

Updated: 2020-09-09 23:34:59 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)