CVE-2022-32959
Summary
| CVE | CVE-2022-32959 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-07-20 02:15:00 UTC |
| Updated | 2023-06-29 15:18:00 UTC |
| Description | HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for OS information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Hinet | Hicos Natural Person Credential Component Client | 3.0.3.30306 | All | All | All |
| Application | Hinet | Hicos Natural Person Credential Component Client | 3.0.3.30404 | All | All | All |
| Application | Hinet | Hicos Natural Person Credential Component Client | 3.1.0.00002 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| TWCERT/CC台灣電腦網路危機處理暨協調中心|企業資安通報協處|資安情資分享|漏洞通報|資安聯盟|資安電子報-HiCOS 自然人憑證元件客戶端 - Stack Buffer Overflow-1 | CONFIRM | www.twcert.org.tw | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.