6.8
CVE-2022-32960
- EPSS 0.14%
- Veröffentlicht 20.07.2022 02:15:07
- Zuletzt bearbeitet 21.11.2024 07:07:18
- Quelle twcert@cert.org.tw
- CVE-Watchlists
- Unerledigt
LoginHiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for card number. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Hinet ≫ Hicos Natural Person Credential Component Client Version3.0.3.30306 SwPlatformlinux
Hinet ≫ Hicos Natural Person Credential Component Client Version3.0.3.30404 SwPlatformmacos
Hinet ≫ Hicos Natural Person Credential Component Client Version3.1.0.00002 SwPlatformwindows
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.14% | 0.346 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 0.9 | 5.9 |
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| twcert@cert.org.tw | 6.8 | 0.9 | 5.9 |
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.