Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Yubico libykpiv before 2.1.0. lib/util.c in this library (which is included in yubico-piv-tool) does not properly check embedded length fields during device communication. A malicious PIV token can misreport the returned length fields during RSA key generation. This will cause stack memory to be copied into heap allocated memory that gets returned to the caller. The leaked memory could include PINs, passwords, key material, and other sensitive information depending on the integration. During further processing by the caller, this information could leak across trust boundaries. Note that RSA key generation is triggered by the host and cannot directly be triggered by the token.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Yubico libykpiv 缓冲区错误漏洞
Vulnerability Description
Yubico libykpiv是瑞典Yubico公司的一款YubiKey智能卡微型驱动程序中的秘钥处理库。 Yubico libykpiv 2.1.0之前版本中的lib/util.c文件存在安全漏洞。攻击者可利用该漏洞获取信息。
CVSS Information
N/A
Vulnerability Type
N/A