Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for HiCOS’ client-side citizen digital certificate by HINET

    CVE-2022-32962 (GCVE-0-2022-32962)

    Vulnerability from nvd – Published: 2022-07-20 02:03 – Updated: 2024-09-16 18:24
    VLAI
    Title
    HiCOS’ client-side citizen digital certificate - Double Free
    Summary
    HiCOS’ client-side citizen certificate component has a double free vulnerability. An unauthenticated physical attacker can exploit this vulnerability to corrupt memory and execute arbitrary code, manipulate system data or terminate service.
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2022-07-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:54:03.428Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/tw/cp-132-6293-86576-1.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Linux"
              ],
              "product": "HiCOS\u2019 client-side citizen digital certificate",
              "vendor": "HINET",
              "versions": [
                {
                  "lessThanOrEqual": "11 3.0.3.30306",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows"
              ],
              "product": "HiCOS\u2019 client-side citizen digital certificate",
              "vendor": "HINET",
              "versions": [
                {
                  "lessThanOrEqual": "11 3.1.0.00002",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "macOS"
              ],
              "product": "HiCOS\u2019 client-side citizen digital certificate",
              "vendor": "HINET",
              "versions": [
                {
                  "lessThanOrEqual": "11 3.0.3.30404",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-07-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "HiCOS\u2019 client-side citizen certificate component has a double free vulnerability. An unauthenticated physical attacker can exploit this vulnerability to corrupt memory and execute arbitrary code, manipulate system data or terminate service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-415",
                  "description": "CWE-415 Double Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-20T02:03:43.000Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-6293-86576-1.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Download latest version"
            }
          ],
          "source": {
            "advisory": "TVN-202206008",
            "discovery": "EXTERNAL"
          },
          "title": "HiCOS\u2019 client-side citizen digital certificate - Double Free",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "TWCERT/CC",
              "ASSIGNER": "cve@cert.org.tw",
              "DATE_PUBLIC": "2022-07-12T01:33:00.000Z",
              "ID": "CVE-2022-32962",
              "STATE": "PUBLIC",
              "TITLE": "HiCOS\u2019 client-side citizen digital certificate - Double Free"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "HiCOS\u2019 client-side citizen digital certificate",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Linux",
                                "version_affected": "\u003c=",
                                "version_value": "11 3.0.3.30306"
                              },
                              {
                                "platform": "Windows",
                                "version_affected": "\u003c=",
                                "version_value": "11 3.1.0.00002"
                              },
                              {
                                "platform": "macOS",
                                "version_affected": "\u003c=",
                                "version_value": "11 3.0.3.30404"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "HINET"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "HiCOS\u2019 client-side citizen certificate component has a double free vulnerability. An unauthenticated physical attacker can exploit this vulnerability to corrupt memory and execute arbitrary code, manipulate system data or terminate service."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-415 Double Free"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.twcert.org.tw/tw/cp-132-6293-86576-1.html",
                  "refsource": "MISC",
                  "url": "https://www.twcert.org.tw/tw/cp-132-6293-86576-1.html"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Download latest version"
              }
            ],
            "source": {
              "advisory": "TVN-202206008",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2022-32962",
        "datePublished": "2022-07-20T02:03:43.658Z",
        "dateReserved": "2022-06-10T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:24:45.620Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-32961 (GCVE-0-2022-32961)

    Vulnerability from nvd – Published: 2022-07-20 02:03 – Updated: 2024-09-16 16:53
    VLAI
    Title
    HiCOS’ client-side citizen digital certificate - Stack Buffer Overflow
    Summary
    HICOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for token information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service.
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2022-07-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:54:03.460Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/tw/cp-132-6292-fb267-1.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Linux"
              ],
              "product": "HiCOS\u2019 client-side citizen digital certificate",
              "vendor": "HINET",
              "versions": [
                {
                  "lessThanOrEqual": "11 3.0.3.30306",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows"
              ],
              "product": "HiCOS\u2019 client-side citizen digital certificate",
              "vendor": "HINET",
              "versions": [
                {
                  "lessThanOrEqual": "11 3.1.0.00002",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "macOS"
              ],
              "product": "HiCOS\u2019 client-side citizen digital certificate",
              "vendor": "HINET",
              "versions": [
                {
                  "lessThanOrEqual": "11 3.0.3.30404",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-07-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "HICOS\u2019 client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for token information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-20T02:03:13.000Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-6292-fb267-1.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Download latest version"
            }
          ],
          "source": {
            "advisory": "TVN-202206007",
            "discovery": "EXTERNAL"
          },
          "title": "HiCOS\u2019 client-side citizen digital certificate - Stack Buffer Overflow",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "TWCERT/CC",
              "ASSIGNER": "cve@cert.org.tw",
              "DATE_PUBLIC": "2022-07-12T01:33:00.000Z",
              "ID": "CVE-2022-32961",
              "STATE": "PUBLIC",
              "TITLE": "HiCOS\u2019 client-side citizen digital certificate - Stack Buffer Overflow"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "HiCOS\u2019 client-side citizen digital certificate",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Linux",
                                "version_affected": "\u003c=",
                                "version_value": "11 3.0.3.30306"
                              },
                              {
                                "platform": "Windows",
                                "version_affected": "\u003c=",
                                "version_value": "11 3.1.0.00002"
                              },
                              {
                                "platform": "macOS",
                                "version_affected": "\u003c=",
                                "version_value": "11 3.0.3.30404"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "HINET"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "HICOS\u2019 client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for token information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-787 Out-of-bounds Write"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.twcert.org.tw/tw/cp-132-6292-fb267-1.html",
                  "refsource": "MISC",
                  "url": "https://www.twcert.org.tw/tw/cp-132-6292-fb267-1.html"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Download latest version"
              }
            ],
            "source": {
              "advisory": "TVN-202206007",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2022-32961",
        "datePublished": "2022-07-20T02:03:13.812Z",
        "dateReserved": "2022-06-10T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:53:04.178Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-32960 (GCVE-0-2022-32960)

    Vulnerability from nvd – Published: 2022-07-20 02:02 – Updated: 2024-09-16 16:48
    VLAI
    Title
    HiCOS’ client-side citizen digital certificate - Stack Buffer Overflow
    Summary
    HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for card number. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service.
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2022-07-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:54:03.444Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/tw/cp-132-6291-f58b5-1.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Linux"
              ],
              "product": "HiCOS\u2019 client-side citizen digital certificate",
              "vendor": "HINET",
              "versions": [
                {
                  "lessThanOrEqual": "11 3.0.3.30306",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows"
              ],
              "product": "HiCOS\u2019 client-side citizen digital certificate",
              "vendor": "HINET",
              "versions": [
                {
                  "lessThanOrEqual": "11 3.1.0.00002",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "macOS"
              ],
              "product": "HiCOS\u2019 client-side citizen digital certificate",
              "vendor": "HINET",
              "versions": [
                {
                  "lessThanOrEqual": "11 3.0.3.30404",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-07-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "HiCOS\u2019 client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for card number. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-20T02:02:51.000Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-6291-f58b5-1.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Download latest version"
            }
          ],
          "source": {
            "advisory": "TVN-202206006",
            "discovery": "EXTERNAL"
          },
          "title": "HiCOS\u2019 client-side citizen digital certificate - Stack Buffer Overflow",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "TWCERT/CC",
              "ASSIGNER": "cve@cert.org.tw",
              "DATE_PUBLIC": "2022-07-12T01:33:00.000Z",
              "ID": "CVE-2022-32960",
              "STATE": "PUBLIC",
              "TITLE": "HiCOS\u2019 client-side citizen digital certificate - Stack Buffer Overflow"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "HiCOS\u2019 client-side citizen digital certificate",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Linux",
                                "version_affected": "\u003c=",
                                "version_value": "11 3.0.3.30306"
                              },
                              {
                                "platform": "Windows",
                                "version_affected": "\u003c=",
                                "version_value": "11 3.1.0.00002"
                              },
                              {
                                "platform": "macOS",
                                "version_affected": "\u003c=",
                                "version_value": "11 3.0.3.30404"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "HINET"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "HiCOS\u2019 client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for card number. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-787 Out-of-bounds Write"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.twcert.org.tw/tw/cp-132-6291-f58b5-1.html",
                  "refsource": "MISC",
                  "url": "https://www.twcert.org.tw/tw/cp-132-6291-f58b5-1.html"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Download latest version"
              }
            ],
            "source": {
              "advisory": "TVN-202206006",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2022-32960",
        "datePublished": "2022-07-20T02:02:51.701Z",
        "dateReserved": "2022-06-10T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:48:27.253Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-32959 (GCVE-0-2022-32959)

    Vulnerability from nvd – Published: 2022-07-20 02:02 – Updated: 2024-09-17 01:31
    VLAI
    Title
    HiCOS’ client-side citizen digital certificate - Stack Buffer Overflow
    Summary
    HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for OS information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service.
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2022-07-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:54:03.400Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/tw/cp-132-6290-738fe-1.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Linux"
              ],
              "product": "HiCOS\u2019 client-side citizen digital certificate",
              "vendor": "HINET",
              "versions": [
                {
                  "lessThanOrEqual": "11 3.0.3.30306",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows"
              ],
              "product": "HiCOS\u2019 client-side citizen digital certificate",
              "vendor": "HINET",
              "versions": [
                {
                  "lessThanOrEqual": "11 3.1.0.00002",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "macOS"
              ],
              "product": "HiCOS\u2019 client-side citizen digital certificate",
              "vendor": "HINET",
              "versions": [
                {
                  "lessThanOrEqual": "11 3.0.3.30404",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-07-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "HiCOS\u2019 client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for OS information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-20T02:02:25.000Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-6290-738fe-1.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Download latest version"
            }
          ],
          "source": {
            "advisory": "TVN-202206005",
            "discovery": "EXTERNAL"
          },
          "title": "HiCOS\u2019 client-side citizen digital certificate - Stack Buffer Overflow",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "TWCERT/CC",
              "ASSIGNER": "cve@cert.org.tw",
              "DATE_PUBLIC": "2022-07-12T01:33:00.000Z",
              "ID": "CVE-2022-32959",
              "STATE": "PUBLIC",
              "TITLE": "HiCOS\u2019 client-side citizen digital certificate - Stack Buffer Overflow"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "HiCOS\u2019 client-side citizen digital certificate",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Linux",
                                "version_affected": "\u003c=",
                                "version_value": "11 3.0.3.30306"
                              },
                              {
                                "platform": "Windows",
                                "version_affected": "\u003c=",
                                "version_value": "11 3.1.0.00002"
                              },
                              {
                                "platform": "macOS",
                                "version_affected": "\u003c=",
                                "version_value": "11 3.0.3.30404"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "HINET"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "HiCOS\u2019 client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for OS information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-787 Out-of-bounds Write"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.twcert.org.tw/tw/cp-132-6290-738fe-1.html",
                  "refsource": "MISC",
                  "url": "https://www.twcert.org.tw/tw/cp-132-6290-738fe-1.html"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Download latest version"
              }
            ],
            "source": {
              "advisory": "TVN-202206005",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2022-32959",
        "datePublished": "2022-07-20T02:02:25.360Z",
        "dateReserved": "2022-06-10T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:31:04.086Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-32962 (GCVE-0-2022-32962)

    Vulnerability from cvelistv5 – Published: 2022-07-20 02:03 – Updated: 2024-09-16 18:24
    VLAI
    Title
    HiCOS’ client-side citizen digital certificate - Double Free
    Summary
    HiCOS’ client-side citizen certificate component has a double free vulnerability. An unauthenticated physical attacker can exploit this vulnerability to corrupt memory and execute arbitrary code, manipulate system data or terminate service.
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2022-07-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:54:03.428Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/tw/cp-132-6293-86576-1.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Linux"
              ],
              "product": "HiCOS\u2019 client-side citizen digital certificate",
              "vendor": "HINET",
              "versions": [
                {
                  "lessThanOrEqual": "11 3.0.3.30306",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows"
              ],
              "product": "HiCOS\u2019 client-side citizen digital certificate",
              "vendor": "HINET",
              "versions": [
                {
                  "lessThanOrEqual": "11 3.1.0.00002",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "macOS"
              ],
              "product": "HiCOS\u2019 client-side citizen digital certificate",
              "vendor": "HINET",
              "versions": [
                {
                  "lessThanOrEqual": "11 3.0.3.30404",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-07-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "HiCOS\u2019 client-side citizen certificate component has a double free vulnerability. An unauthenticated physical attacker can exploit this vulnerability to corrupt memory and execute arbitrary code, manipulate system data or terminate service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-415",
                  "description": "CWE-415 Double Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-20T02:03:43.000Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-6293-86576-1.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Download latest version"
            }
          ],
          "source": {
            "advisory": "TVN-202206008",
            "discovery": "EXTERNAL"
          },
          "title": "HiCOS\u2019 client-side citizen digital certificate - Double Free",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "TWCERT/CC",
              "ASSIGNER": "cve@cert.org.tw",
              "DATE_PUBLIC": "2022-07-12T01:33:00.000Z",
              "ID": "CVE-2022-32962",
              "STATE": "PUBLIC",
              "TITLE": "HiCOS\u2019 client-side citizen digital certificate - Double Free"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "HiCOS\u2019 client-side citizen digital certificate",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Linux",
                                "version_affected": "\u003c=",
                                "version_value": "11 3.0.3.30306"
                              },
                              {
                                "platform": "Windows",
                                "version_affected": "\u003c=",
                                "version_value": "11 3.1.0.00002"
                              },
                              {
                                "platform": "macOS",
                                "version_affected": "\u003c=",
                                "version_value": "11 3.0.3.30404"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "HINET"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "HiCOS\u2019 client-side citizen certificate component has a double free vulnerability. An unauthenticated physical attacker can exploit this vulnerability to corrupt memory and execute arbitrary code, manipulate system data or terminate service."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-415 Double Free"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.twcert.org.tw/tw/cp-132-6293-86576-1.html",
                  "refsource": "MISC",
                  "url": "https://www.twcert.org.tw/tw/cp-132-6293-86576-1.html"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Download latest version"
              }
            ],
            "source": {
              "advisory": "TVN-202206008",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2022-32962",
        "datePublished": "2022-07-20T02:03:43.658Z",
        "dateReserved": "2022-06-10T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:24:45.620Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-32961 (GCVE-0-2022-32961)

    Vulnerability from cvelistv5 – Published: 2022-07-20 02:03 – Updated: 2024-09-16 16:53
    VLAI
    Title
    HiCOS’ client-side citizen digital certificate - Stack Buffer Overflow
    Summary
    HICOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for token information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service.
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2022-07-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:54:03.460Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/tw/cp-132-6292-fb267-1.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Linux"
              ],
              "product": "HiCOS\u2019 client-side citizen digital certificate",
              "vendor": "HINET",
              "versions": [
                {
                  "lessThanOrEqual": "11 3.0.3.30306",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows"
              ],
              "product": "HiCOS\u2019 client-side citizen digital certificate",
              "vendor": "HINET",
              "versions": [
                {
                  "lessThanOrEqual": "11 3.1.0.00002",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "macOS"
              ],
              "product": "HiCOS\u2019 client-side citizen digital certificate",
              "vendor": "HINET",
              "versions": [
                {
                  "lessThanOrEqual": "11 3.0.3.30404",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-07-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "HICOS\u2019 client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for token information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-20T02:03:13.000Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-6292-fb267-1.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Download latest version"
            }
          ],
          "source": {
            "advisory": "TVN-202206007",
            "discovery": "EXTERNAL"
          },
          "title": "HiCOS\u2019 client-side citizen digital certificate - Stack Buffer Overflow",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "TWCERT/CC",
              "ASSIGNER": "cve@cert.org.tw",
              "DATE_PUBLIC": "2022-07-12T01:33:00.000Z",
              "ID": "CVE-2022-32961",
              "STATE": "PUBLIC",
              "TITLE": "HiCOS\u2019 client-side citizen digital certificate - Stack Buffer Overflow"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "HiCOS\u2019 client-side citizen digital certificate",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Linux",
                                "version_affected": "\u003c=",
                                "version_value": "11 3.0.3.30306"
                              },
                              {
                                "platform": "Windows",
                                "version_affected": "\u003c=",
                                "version_value": "11 3.1.0.00002"
                              },
                              {
                                "platform": "macOS",
                                "version_affected": "\u003c=",
                                "version_value": "11 3.0.3.30404"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "HINET"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "HICOS\u2019 client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for token information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-787 Out-of-bounds Write"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.twcert.org.tw/tw/cp-132-6292-fb267-1.html",
                  "refsource": "MISC",
                  "url": "https://www.twcert.org.tw/tw/cp-132-6292-fb267-1.html"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Download latest version"
              }
            ],
            "source": {
              "advisory": "TVN-202206007",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2022-32961",
        "datePublished": "2022-07-20T02:03:13.812Z",
        "dateReserved": "2022-06-10T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:53:04.178Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-32960 (GCVE-0-2022-32960)

    Vulnerability from cvelistv5 – Published: 2022-07-20 02:02 – Updated: 2024-09-16 16:48
    VLAI
    Title
    HiCOS’ client-side citizen digital certificate - Stack Buffer Overflow
    Summary
    HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for card number. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service.
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2022-07-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:54:03.444Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/tw/cp-132-6291-f58b5-1.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Linux"
              ],
              "product": "HiCOS\u2019 client-side citizen digital certificate",
              "vendor": "HINET",
              "versions": [
                {
                  "lessThanOrEqual": "11 3.0.3.30306",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows"
              ],
              "product": "HiCOS\u2019 client-side citizen digital certificate",
              "vendor": "HINET",
              "versions": [
                {
                  "lessThanOrEqual": "11 3.1.0.00002",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "macOS"
              ],
              "product": "HiCOS\u2019 client-side citizen digital certificate",
              "vendor": "HINET",
              "versions": [
                {
                  "lessThanOrEqual": "11 3.0.3.30404",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-07-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "HiCOS\u2019 client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for card number. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-20T02:02:51.000Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-6291-f58b5-1.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Download latest version"
            }
          ],
          "source": {
            "advisory": "TVN-202206006",
            "discovery": "EXTERNAL"
          },
          "title": "HiCOS\u2019 client-side citizen digital certificate - Stack Buffer Overflow",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "TWCERT/CC",
              "ASSIGNER": "cve@cert.org.tw",
              "DATE_PUBLIC": "2022-07-12T01:33:00.000Z",
              "ID": "CVE-2022-32960",
              "STATE": "PUBLIC",
              "TITLE": "HiCOS\u2019 client-side citizen digital certificate - Stack Buffer Overflow"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "HiCOS\u2019 client-side citizen digital certificate",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Linux",
                                "version_affected": "\u003c=",
                                "version_value": "11 3.0.3.30306"
                              },
                              {
                                "platform": "Windows",
                                "version_affected": "\u003c=",
                                "version_value": "11 3.1.0.00002"
                              },
                              {
                                "platform": "macOS",
                                "version_affected": "\u003c=",
                                "version_value": "11 3.0.3.30404"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "HINET"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "HiCOS\u2019 client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for card number. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-787 Out-of-bounds Write"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.twcert.org.tw/tw/cp-132-6291-f58b5-1.html",
                  "refsource": "MISC",
                  "url": "https://www.twcert.org.tw/tw/cp-132-6291-f58b5-1.html"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Download latest version"
              }
            ],
            "source": {
              "advisory": "TVN-202206006",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2022-32960",
        "datePublished": "2022-07-20T02:02:51.701Z",
        "dateReserved": "2022-06-10T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:48:27.253Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-32959 (GCVE-0-2022-32959)

    Vulnerability from cvelistv5 – Published: 2022-07-20 02:02 – Updated: 2024-09-17 01:31
    VLAI
    Title
    HiCOS’ client-side citizen digital certificate - Stack Buffer Overflow
    Summary
    HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for OS information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service.
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2022-07-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:54:03.400Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/tw/cp-132-6290-738fe-1.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Linux"
              ],
              "product": "HiCOS\u2019 client-side citizen digital certificate",
              "vendor": "HINET",
              "versions": [
                {
                  "lessThanOrEqual": "11 3.0.3.30306",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows"
              ],
              "product": "HiCOS\u2019 client-side citizen digital certificate",
              "vendor": "HINET",
              "versions": [
                {
                  "lessThanOrEqual": "11 3.1.0.00002",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "macOS"
              ],
              "product": "HiCOS\u2019 client-side citizen digital certificate",
              "vendor": "HINET",
              "versions": [
                {
                  "lessThanOrEqual": "11 3.0.3.30404",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-07-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "HiCOS\u2019 client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for OS information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-20T02:02:25.000Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-6290-738fe-1.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Download latest version"
            }
          ],
          "source": {
            "advisory": "TVN-202206005",
            "discovery": "EXTERNAL"
          },
          "title": "HiCOS\u2019 client-side citizen digital certificate - Stack Buffer Overflow",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "TWCERT/CC",
              "ASSIGNER": "cve@cert.org.tw",
              "DATE_PUBLIC": "2022-07-12T01:33:00.000Z",
              "ID": "CVE-2022-32959",
              "STATE": "PUBLIC",
              "TITLE": "HiCOS\u2019 client-side citizen digital certificate - Stack Buffer Overflow"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "HiCOS\u2019 client-side citizen digital certificate",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Linux",
                                "version_affected": "\u003c=",
                                "version_value": "11 3.0.3.30306"
                              },
                              {
                                "platform": "Windows",
                                "version_affected": "\u003c=",
                                "version_value": "11 3.1.0.00002"
                              },
                              {
                                "platform": "macOS",
                                "version_affected": "\u003c=",
                                "version_value": "11 3.0.3.30404"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "HINET"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "HiCOS\u2019 client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for OS information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-787 Out-of-bounds Write"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.twcert.org.tw/tw/cp-132-6290-738fe-1.html",
                  "refsource": "MISC",
                  "url": "https://www.twcert.org.tw/tw/cp-132-6290-738fe-1.html"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Download latest version"
              }
            ],
            "source": {
              "advisory": "TVN-202206005",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2022-32959",
        "datePublished": "2022-07-20T02:02:25.360Z",
        "dateReserved": "2022-06-10T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:31:04.086Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }