OVAL

CVE-2018-14779 -- yubico-piv-tool

ID: oval:org.secpod.oval:def:2000404
Date: (C)2019-04-21   (M)2023-10-15
Class: VULNERABILITY
Family: unix




A buffer overflow issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `ykpiv_transfer_data`:

```c
if { fprintf; }
if { memcpy; out_data += recv_len - 2; *out_len += recv_len - 2; }
```

The code checks whether the buffer is big enough to hold the data copied using `memcpy`, but no error handling follows the check to avoid the `memcpy` when the buffer is too small. This code path can be triggered with malicious data coming from a smartcard.
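The check-without-bail-out pattern described above, next to a fail-closed form, as an added example that is not code from yubico-piv-tool. The function names, `max_out`, `data` and the exact size condition are assumptions; `out_data`, `out_len` and `recv_len` follow the excerpt, with `recv_len` counting the 2-byte status word that ends a response APDU.

```c
#include <stdio.h>
#include <string.h>

/* Flawed shape (assumed reconstruction): the size check only logs. */
int append_chunk_flawed(unsigned char *out_data, size_t *out_len, size_t max_out,
                        const unsigned char *data, size_t recv_len)
{
    if (*out_len + recv_len - 2 > max_out) {
        fprintf(stderr, "output buffer too small\n");
        /* no return here, so the copy below still runs */
    }
    memcpy(out_data + *out_len, data, recv_len - 2);
    *out_len += recv_len - 2;
    return 0;
}

/* Hardened shape: validate the card-supplied length, then fail closed. */
int append_chunk_checked(unsigned char *out_data, size_t *out_len, size_t max_out,
                         const unsigned char *data, size_t recv_len)
{
    if (recv_len < 2)            /* no status word: recv_len - 2 would wrap */
        return -1;
    size_t payload = recv_len - 2;
    /* Subtract instead of add so the comparison itself cannot overflow. */
    if (*out_len > max_out || payload > max_out - *out_len)
        return -1;
    memcpy(out_data + *out_len, data, payload);
    *out_len += payload;
    return 0;
}

int main(void)
{
    /* Constructed responses: payload bytes followed by status word 0x90 0x00. */
    const unsigned char ok[] = {0x01, 0x02, 0x03, 0x90, 0x00};
    unsigned char big[64], out[8];
    size_t out_len = 0;
    int rc;

    memset(big, 0x41, sizeof big);
    rc = append_chunk_checked(out, &out_len, sizeof out, ok, sizeof ok);
    printf("fitting response:  rc=%d out_len=%zu\n", rc, out_len);
    rc = append_chunk_checked(out, &out_len, sizeof out, big, sizeof big);
    printf("oversize response: rc=%d out_len=%zu\n", rc, out_len);
    return 0;
}
```

The caller has to treat the `-1` as a failed transfer and stop reading further chunks from the card.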

Platform:
Debian 9.x
Product:
yubico-piv-tool
Reference:
CVE-2018-14779
CVE    1
CVE-2018-14779
CPE    2
cpe:/o:debian:debian_linux:9.x
cpe:/a:yubico:yubico-piv-tool

© SecPod Technologies