How severe is CVE-2018-14780?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.6 out of 10.

What type of vulnerability is CVE-2018-14780?

This is classified as CWE-125, which is a common weakness in software security.

CVE-2018-14780

MEDIUM Year: 2018

CVSS v3 Score

4.6

Medium

CVSS v2 Score

2.1

Low

Weakness Type

CWE-125

View all →

Vulnerability Description

An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `_ykpiv_fetch_object()`: {% highlight c %} if(sw == SW_SUCCESS) { size_t outlen; int offs = _ykpiv_get_length(data + 1, &outlen); if(offs == 0) { return YKPIV_SIZE_ERROR; } memmove(data, data + 1 + offs, outlen); *len = outlen; return YKPIV_OK; } else { return YKPIV_GENERIC_ERROR; } {% endhighlight %} -- in the end, a `memmove()` occurs with a length retrieved from APDU data. This length is not checked for whether it is outside of the APDU data retrieved. Therefore the `memmove()` could copy bytes behind the allocated data buffer into this buffer.

CVE-2018-19985

MEDIUM

CVSS:4.6(Medium)

The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-o...

CWE-1252018

CVE-2021-1897

MEDIUM

CVSS:4.6(Medium)

Possible Buffer Over-read due to lack of validation of boundary checks when loading splash image in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Sna...

CWE-1252021

CVE-2021-1898

MEDIUM

CVSS:4.6(Medium)

Possible buffer over-read due to incorrect overflow check when loading splash image in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Weara...

CWE-1252021

CVE-2021-1899

MEDIUM

CVSS:4.6(Medium)

Possible buffer over read due to lack of length check while flashing meta images in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

CWE-1252021

CVE-2021-1901

MEDIUM

CVSS:4.6(Medium)

Possible buffer over-read due to lack of length check while flashing meta images in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearable...

CWE-1252021

CVE-2021-22306

MEDIUM

CVSS:4.6(Medium)

There is an out-of-bound read vulnerability in Mate 30 10.0.0.182(C00E180R6P2). A module does not verify the some input when dealing with messages. Attackers can exploit this vulnerability by sending ...

CWE-1252021

CVE-2018-14780

Vulnerability Description

Related Vulnerabilities

CVE-2018-19985

CVE-2021-1897

CVE-2021-1898

CVE-2021-1899

CVE-2021-1901

CVE-2021-22306