CVE-2022-32959

EPSS 0.05%
Veröffentlicht 20.07.2022 02:15:07
Zuletzt bearbeitet 21.11.2024 07:07:18
Quelle twcert@cert.org.tw
CVE-Watchlists
Login
Unerledigt
Login

HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for OS information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Hinet ≫ Hicos Natural Person Credential Component Client Version3.0.3.30306 SwPlatformlinux

Hinet ≫ Hicos Natural Person Credential Component Client Version3.0.3.30404 SwPlatformmacos

Hinet ≫ Hicos Natural Person Credential Component Client Version3.1.0.00002 SwPlatformwindows

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.164

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
twcert@cert.org.tw	6.8	0.9	5.9	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://www.twcert.org.tw/tw/cp-132-6290-738fe-1.html

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-32959

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-32959

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-32959

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-32959