Lucene search

K
cve[email protected]CVE-2022-35222
HistoryAug 02, 2022 - 4:15 p.m.

CVE-2022-35222

2022-08-0216:15:10
CWE-787
web.nvd.nist.gov
23
4
hicos
citizen verification
stack-based buffer overflow
vulnerability
parameter length validation
nvd
cve-2022-35222

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.6%

HiCOS Citizen verification component has a stack-based buffer overflow vulnerability due to insufficient parameter length validation. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system command or disrupt service.

Affected configurations

NVD
Node
hinethicos_natural_person_credential_component_clientMatch3.0.3.30306linux
OR
hinethicos_natural_person_credential_component_clientMatch3.0.3.30404macos
OR
hinethicos_natural_person_credential_component_clientMatch3.1.0.00002windows

CNA Affected

[
  {
    "platforms": [
      "Linux"
    ],
    "product": "HiCOS Citizen verification component - Stack Buffer Overflow",
    "vendor": "HINET",
    "versions": [
      {
        "status": "affected",
        "version": "libHicos_p11v1.so CHT PKCS#11 3.0.3.30306"
      }
    ]
  },
  {
    "platforms": [
      "Windows"
    ],
    "product": "HiCOS Citizen verification component - Stack Buffer Overflow",
    "vendor": "HINET",
    "versions": [
      {
        "status": "affected",
        "version": "HiCOSPKCS11.dll CHT PKCS#11 3.1.0.00002"
      }
    ]
  },
  {
    "platforms": [
      "macOS"
    ],
    "product": "HiCOS Citizen verification component - Stack Buffer Overflow",
    "vendor": "HINET",
    "versions": [
      {
        "status": "affected",
        "version": "libHicos_p11v1.dylib CHT PKCS#11 3.0.3.30404"
      }
    ]
  }
]

Social References

More

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.6%

Related for CVE-2022-35222