Search

Find a vulnerability

Search criteria

    10 vulnerabilities found for hicos_natural_person_credential_component_client by hinet

    CVE-2022-35222 (GCVE-0-2022-35222)

    Vulnerability from nvd – Published: 2022-08-02 15:21 – Updated: 2024-09-16 20:37
    VLAI
    Title
    HiCOS Citizen verification component - Stack Buffer Overflow
    Summary
    HiCOS Citizen verification component has a stack-based buffer overflow vulnerability due to insufficient parameter length validation. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system command or disrupt service.
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2022-07-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T09:29:17.452Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/tw/cp-132-6363-f5ec2-1.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Linux"
              ],
              "product": "HiCOS Citizen verification component - Stack Buffer Overflow",
              "vendor": "HINET",
              "versions": [
                {
                  "status": "affected",
                  "version": "libHicos_p11v1.so CHT PKCS#11 3.0.3.30306"
                }
              ]
            },
            {
              "platforms": [
                "Windows"
              ],
              "product": "HiCOS Citizen verification component - Stack Buffer Overflow",
              "vendor": "HINET",
              "versions": [
                {
                  "status": "affected",
                  "version": "HiCOSPKCS11.dll CHT PKCS#11 3.1.0.00002"
                }
              ]
            },
            {
              "platforms": [
                "macOS"
              ],
              "product": "HiCOS Citizen verification component - Stack Buffer Overflow",
              "vendor": "HINET",
              "versions": [
                {
                  "status": "affected",
                  "version": "libHicos_p11v1.dylib CHT PKCS#11 3.0.3.30404"
                }
              ]
            }
          ],
          "datePublic": "2022-07-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "HiCOS Citizen verification component has a stack-based buffer overflow vulnerability due to insufficient parameter length validation. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system command or disrupt service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-02T15:21:00.000Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-6363-f5ec2-1.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Download the latest version"
            }
          ],
          "source": {
            "advisory": "TVN-202207006",
            "discovery": "EXTERNAL"
          },
          "title": "HiCOS Citizen verification component - Stack Buffer Overflow",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "TWCERT/CC",
              "ASSIGNER": "cve@cert.org.tw",
              "DATE_PUBLIC": "2022-07-29T06:52:00.000Z",
              "ID": "CVE-2022-35222",
              "STATE": "PUBLIC",
              "TITLE": "HiCOS Citizen verification component - Stack Buffer Overflow"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "HiCOS Citizen verification component - Stack Buffer Overflow",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Linux",
                                "version_affected": "=",
                                "version_value": "libHicos_p11v1.so CHT PKCS#11 3.0.3.30306"
                              },
                              {
                                "platform": "Windows",
                                "version_affected": "=",
                                "version_value": "HiCOSPKCS11.dll CHT PKCS#11 3.1.0.00002"
                              },
                              {
                                "platform": "macOS",
                                "version_affected": "=",
                                "version_value": "libHicos_p11v1.dylib CHT PKCS#11 3.0.3.30404"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "HINET"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "HiCOS Citizen verification component has a stack-based buffer overflow vulnerability due to insufficient parameter length validation. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system command or disrupt service."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-787 Out-of-bounds Write"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.twcert.org.tw/tw/cp-132-6363-f5ec2-1.html",
                  "refsource": "MISC",
                  "url": "https://www.twcert.org.tw/tw/cp-132-6363-f5ec2-1.html"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Download the latest version"
              }
            ],
            "source": {
              "advisory": "TVN-202207006",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2022-35222",
        "datePublished": "2022-08-02T15:21:00.177Z",
        "dateReserved": "2022-07-05T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:37:53.650Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-32962 (GCVE-0-2022-32962)

    Vulnerability from nvd – Published: 2022-07-20 02:03 – Updated: 2024-09-16 18:24
    VLAI
    Title
    HiCOS’ client-side citizen digital certificate - Double Free
    Summary
    HiCOS’ client-side citizen certificate component has a double free vulnerability. An unauthenticated physical attacker can exploit this vulnerability to corrupt memory and execute arbitrary code, manipulate system data or terminate service.
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2022-07-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:54:03.428Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/tw/cp-132-6293-86576-1.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Linux"
              ],
              "product": "HiCOS\u2019 client-side citizen digital certificate",
              "vendor": "HINET",
              "versions": [
                {
                  "lessThanOrEqual": "11 3.0.3.30306",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows"
              ],
              "product": "HiCOS\u2019 client-side citizen digital certificate",
              "vendor": "HINET",
              "versions": [
                {
                  "lessThanOrEqual": "11 3.1.0.00002",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "macOS"
              ],
              "product": "HiCOS\u2019 client-side citizen digital certificate",
              "vendor": "HINET",
              "versions": [
                {
                  "lessThanOrEqual": "11 3.0.3.30404",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-07-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "HiCOS\u2019 client-side citizen certificate component has a double free vulnerability. An unauthenticated physical attacker can exploit this vulnerability to corrupt memory and execute arbitrary code, manipulate system data or terminate service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-415",
                  "description": "CWE-415 Double Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-20T02:03:43.000Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-6293-86576-1.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Download latest version"
            }
          ],
          "source": {
            "advisory": "TVN-202206008",
            "discovery": "EXTERNAL"
          },
          "title": "HiCOS\u2019 client-side citizen digital certificate - Double Free",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "TWCERT/CC",
              "ASSIGNER": "cve@cert.org.tw",
              "DATE_PUBLIC": "2022-07-12T01:33:00.000Z",
              "ID": "CVE-2022-32962",
              "STATE": "PUBLIC",
              "TITLE": "HiCOS\u2019 client-side citizen digital certificate - Double Free"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "HiCOS\u2019 client-side citizen digital certificate",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Linux",
                                "version_affected": "\u003c=",
                                "version_value": "11 3.0.3.30306"
                              },
                              {
                                "platform": "Windows",
                                "version_affected": "\u003c=",
                                "version_value": "11 3.1.0.00002"
                              },
                              {
                                "platform": "macOS",
                                "version_affected": "\u003c=",
                                "version_value": "11 3.0.3.30404"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "HINET"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "HiCOS\u2019 client-side citizen certificate component has a double free vulnerability. An unauthenticated physical attacker can exploit this vulnerability to corrupt memory and execute arbitrary code, manipulate system data or terminate service."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-415 Double Free"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.twcert.org.tw/tw/cp-132-6293-86576-1.html",
                  "refsource": "MISC",
                  "url": "https://www.twcert.org.tw/tw/cp-132-6293-86576-1.html"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Download latest version"
              }
            ],
            "source": {
              "advisory": "TVN-202206008",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2022-32962",
        "datePublished": "2022-07-20T02:03:43.658Z",
        "dateReserved": "2022-06-10T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:24:45.620Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-32961 (GCVE-0-2022-32961)

    Vulnerability from nvd – Published: 2022-07-20 02:03 – Updated: 2024-09-16 16:53
    VLAI
    Title
    HiCOS’ client-side citizen digital certificate - Stack Buffer Overflow
    Summary
    HICOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for token information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service.
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2022-07-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:54:03.460Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/tw/cp-132-6292-fb267-1.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Linux"
              ],
              "product": "HiCOS\u2019 client-side citizen digital certificate",
              "vendor": "HINET",
              "versions": [
                {
                  "lessThanOrEqual": "11 3.0.3.30306",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows"
              ],
              "product": "HiCOS\u2019 client-side citizen digital certificate",
              "vendor": "HINET",
              "versions": [
                {
                  "lessThanOrEqual": "11 3.1.0.00002",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "macOS"
              ],
              "product": "HiCOS\u2019 client-side citizen digital certificate",
              "vendor": "HINET",
              "versions": [
                {
                  "lessThanOrEqual": "11 3.0.3.30404",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-07-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "HICOS\u2019 client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for token information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-20T02:03:13.000Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-6292-fb267-1.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Download latest version"
            }
          ],
          "source": {
            "advisory": "TVN-202206007",
            "discovery": "EXTERNAL"
          },
          "title": "HiCOS\u2019 client-side citizen digital certificate - Stack Buffer Overflow",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "TWCERT/CC",
              "ASSIGNER": "cve@cert.org.tw",
              "DATE_PUBLIC": "2022-07-12T01:33:00.000Z",
              "ID": "CVE-2022-32961",
              "STATE": "PUBLIC",
              "TITLE": "HiCOS\u2019 client-side citizen digital certificate - Stack Buffer Overflow"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "HiCOS\u2019 client-side citizen digital certificate",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Linux",
                                "version_affected": "\u003c=",
                                "version_value": "11 3.0.3.30306"
                              },
                              {
                                "platform": "Windows",
                                "version_affected": "\u003c=",
                                "version_value": "11 3.1.0.00002"
                              },
                              {
                                "platform": "macOS",
                                "version_affected": "\u003c=",
                                "version_value": "11 3.0.3.30404"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "HINET"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "HICOS\u2019 client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for token information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-787 Out-of-bounds Write"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.twcert.org.tw/tw/cp-132-6292-fb267-1.html",
                  "refsource": "MISC",
                  "url": "https://www.twcert.org.tw/tw/cp-132-6292-fb267-1.html"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Download latest version"
              }
            ],
            "source": {
              "advisory": "TVN-202206007",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2022-32961",
        "datePublished": "2022-07-20T02:03:13.812Z",
        "dateReserved": "2022-06-10T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:53:04.178Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-32960 (GCVE-0-2022-32960)

    Vulnerability from nvd – Published: 2022-07-20 02:02 – Updated: 2024-09-16 16:48
    VLAI
    Title
    HiCOS’ client-side citizen digital certificate - Stack Buffer Overflow
    Summary
    HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for card number. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service.
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2022-07-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:54:03.444Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/tw/cp-132-6291-f58b5-1.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Linux"
              ],
              "product": "HiCOS\u2019 client-side citizen digital certificate",
              "vendor": "HINET",
              "versions": [
                {
                  "lessThanOrEqual": "11 3.0.3.30306",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows"
              ],
              "product": "HiCOS\u2019 client-side citizen digital certificate",
              "vendor": "HINET",
              "versions": [
                {
                  "lessThanOrEqual": "11 3.1.0.00002",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "macOS"
              ],
              "product": "HiCOS\u2019 client-side citizen digital certificate",
              "vendor": "HINET",
              "versions": [
                {
                  "lessThanOrEqual": "11 3.0.3.30404",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-07-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "HiCOS\u2019 client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for card number. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-20T02:02:51.000Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-6291-f58b5-1.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Download latest version"
            }
          ],
          "source": {
            "advisory": "TVN-202206006",
            "discovery": "EXTERNAL"
          },
          "title": "HiCOS\u2019 client-side citizen digital certificate - Stack Buffer Overflow",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "TWCERT/CC",
              "ASSIGNER": "cve@cert.org.tw",
              "DATE_PUBLIC": "2022-07-12T01:33:00.000Z",
              "ID": "CVE-2022-32960",
              "STATE": "PUBLIC",
              "TITLE": "HiCOS\u2019 client-side citizen digital certificate - Stack Buffer Overflow"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "HiCOS\u2019 client-side citizen digital certificate",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Linux",
                                "version_affected": "\u003c=",
                                "version_value": "11 3.0.3.30306"
                              },
                              {
                                "platform": "Windows",
                                "version_affected": "\u003c=",
                                "version_value": "11 3.1.0.00002"
                              },
                              {
                                "platform": "macOS",
                                "version_affected": "\u003c=",
                                "version_value": "11 3.0.3.30404"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "HINET"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "HiCOS\u2019 client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for card number. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-787 Out-of-bounds Write"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.twcert.org.tw/tw/cp-132-6291-f58b5-1.html",
                  "refsource": "MISC",
                  "url": "https://www.twcert.org.tw/tw/cp-132-6291-f58b5-1.html"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Download latest version"
              }
            ],
            "source": {
              "advisory": "TVN-202206006",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2022-32960",
        "datePublished": "2022-07-20T02:02:51.701Z",
        "dateReserved": "2022-06-10T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:48:27.253Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-32959 (GCVE-0-2022-32959)

    Vulnerability from nvd – Published: 2022-07-20 02:02 – Updated: 2024-09-17 01:31
    VLAI
    Title
    HiCOS’ client-side citizen digital certificate - Stack Buffer Overflow
    Summary
    HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for OS information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service.
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2022-07-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:54:03.400Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/tw/cp-132-6290-738fe-1.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Linux"
              ],
              "product": "HiCOS\u2019 client-side citizen digital certificate",
              "vendor": "HINET",
              "versions": [
                {
                  "lessThanOrEqual": "11 3.0.3.30306",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows"
              ],
              "product": "HiCOS\u2019 client-side citizen digital certificate",
              "vendor": "HINET",
              "versions": [
                {
                  "lessThanOrEqual": "11 3.1.0.00002",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "macOS"
              ],
              "product": "HiCOS\u2019 client-side citizen digital certificate",
              "vendor": "HINET",
              "versions": [
                {
                  "lessThanOrEqual": "11 3.0.3.30404",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-07-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "HiCOS\u2019 client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for OS information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-20T02:02:25.000Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-6290-738fe-1.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Download latest version"
            }
          ],
          "source": {
            "advisory": "TVN-202206005",
            "discovery": "EXTERNAL"
          },
          "title": "HiCOS\u2019 client-side citizen digital certificate - Stack Buffer Overflow",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "TWCERT/CC",
              "ASSIGNER": "cve@cert.org.tw",
              "DATE_PUBLIC": "2022-07-12T01:33:00.000Z",
              "ID": "CVE-2022-32959",
              "STATE": "PUBLIC",
              "TITLE": "HiCOS\u2019 client-side citizen digital certificate - Stack Buffer Overflow"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "HiCOS\u2019 client-side citizen digital certificate",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Linux",
                                "version_affected": "\u003c=",
                                "version_value": "11 3.0.3.30306"
                              },
                              {
                                "platform": "Windows",
                                "version_affected": "\u003c=",
                                "version_value": "11 3.1.0.00002"
                              },
                              {
                                "platform": "macOS",
                                "version_affected": "\u003c=",
                                "version_value": "11 3.0.3.30404"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "HINET"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "HiCOS\u2019 client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for OS information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-787 Out-of-bounds Write"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.twcert.org.tw/tw/cp-132-6290-738fe-1.html",
                  "refsource": "MISC",
                  "url": "https://www.twcert.org.tw/tw/cp-132-6290-738fe-1.html"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Download latest version"
              }
            ],
            "source": {
              "advisory": "TVN-202206005",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2022-32959",
        "datePublished": "2022-07-20T02:02:25.360Z",
        "dateReserved": "2022-06-10T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:31:04.086Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-35222 (GCVE-0-2022-35222)

    Vulnerability from cvelistv5 – Published: 2022-08-02 15:21 – Updated: 2024-09-16 20:37
    VLAI
    Title
    HiCOS Citizen verification component - Stack Buffer Overflow
    Summary
    HiCOS Citizen verification component has a stack-based buffer overflow vulnerability due to insufficient parameter length validation. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system command or disrupt service.
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2022-07-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T09:29:17.452Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/tw/cp-132-6363-f5ec2-1.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Linux"
              ],
              "product": "HiCOS Citizen verification component - Stack Buffer Overflow",
              "vendor": "HINET",
              "versions": [
                {
                  "status": "affected",
                  "version": "libHicos_p11v1.so CHT PKCS#11 3.0.3.30306"
                }
              ]
            },
            {
              "platforms": [
                "Windows"
              ],
              "product": "HiCOS Citizen verification component - Stack Buffer Overflow",
              "vendor": "HINET",
              "versions": [
                {
                  "status": "affected",
                  "version": "HiCOSPKCS11.dll CHT PKCS#11 3.1.0.00002"
                }
              ]
            },
            {
              "platforms": [
                "macOS"
              ],
              "product": "HiCOS Citizen verification component - Stack Buffer Overflow",
              "vendor": "HINET",
              "versions": [
                {
                  "status": "affected",
                  "version": "libHicos_p11v1.dylib CHT PKCS#11 3.0.3.30404"
                }
              ]
            }
          ],
          "datePublic": "2022-07-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "HiCOS Citizen verification component has a stack-based buffer overflow vulnerability due to insufficient parameter length validation. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system command or disrupt service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-02T15:21:00.000Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-6363-f5ec2-1.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Download the latest version"
            }
          ],
          "source": {
            "advisory": "TVN-202207006",
            "discovery": "EXTERNAL"
          },
          "title": "HiCOS Citizen verification component - Stack Buffer Overflow",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "TWCERT/CC",
              "ASSIGNER": "cve@cert.org.tw",
              "DATE_PUBLIC": "2022-07-29T06:52:00.000Z",
              "ID": "CVE-2022-35222",
              "STATE": "PUBLIC",
              "TITLE": "HiCOS Citizen verification component - Stack Buffer Overflow"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "HiCOS Citizen verification component - Stack Buffer Overflow",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Linux",
                                "version_affected": "=",
                                "version_value": "libHicos_p11v1.so CHT PKCS#11 3.0.3.30306"
                              },
                              {
                                "platform": "Windows",
                                "version_affected": "=",
                                "version_value": "HiCOSPKCS11.dll CHT PKCS#11 3.1.0.00002"
                              },
                              {
                                "platform": "macOS",
                                "version_affected": "=",
                                "version_value": "libHicos_p11v1.dylib CHT PKCS#11 3.0.3.30404"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "HINET"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "HiCOS Citizen verification component has a stack-based buffer overflow vulnerability due to insufficient parameter length validation. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system command or disrupt service."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-787 Out-of-bounds Write"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.twcert.org.tw/tw/cp-132-6363-f5ec2-1.html",
                  "refsource": "MISC",
                  "url": "https://www.twcert.org.tw/tw/cp-132-6363-f5ec2-1.html"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Download the latest version"
              }
            ],
            "source": {
              "advisory": "TVN-202207006",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2022-35222",
        "datePublished": "2022-08-02T15:21:00.177Z",
        "dateReserved": "2022-07-05T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:37:53.650Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-32962 (GCVE-0-2022-32962)

    Vulnerability from cvelistv5 – Published: 2022-07-20 02:03 – Updated: 2024-09-16 18:24
    VLAI
    Title
    HiCOS’ client-side citizen digital certificate - Double Free
    Summary
    HiCOS’ client-side citizen certificate component has a double free vulnerability. An unauthenticated physical attacker can exploit this vulnerability to corrupt memory and execute arbitrary code, manipulate system data or terminate service.
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2022-07-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:54:03.428Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/tw/cp-132-6293-86576-1.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Linux"
              ],
              "product": "HiCOS\u2019 client-side citizen digital certificate",
              "vendor": "HINET",
              "versions": [
                {
                  "lessThanOrEqual": "11 3.0.3.30306",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows"
              ],
              "product": "HiCOS\u2019 client-side citizen digital certificate",
              "vendor": "HINET",
              "versions": [
                {
                  "lessThanOrEqual": "11 3.1.0.00002",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "macOS"
              ],
              "product": "HiCOS\u2019 client-side citizen digital certificate",
              "vendor": "HINET",
              "versions": [
                {
                  "lessThanOrEqual": "11 3.0.3.30404",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-07-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "HiCOS\u2019 client-side citizen certificate component has a double free vulnerability. An unauthenticated physical attacker can exploit this vulnerability to corrupt memory and execute arbitrary code, manipulate system data or terminate service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-415",
                  "description": "CWE-415 Double Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-20T02:03:43.000Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-6293-86576-1.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Download latest version"
            }
          ],
          "source": {
            "advisory": "TVN-202206008",
            "discovery": "EXTERNAL"
          },
          "title": "HiCOS\u2019 client-side citizen digital certificate - Double Free",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "TWCERT/CC",
              "ASSIGNER": "cve@cert.org.tw",
              "DATE_PUBLIC": "2022-07-12T01:33:00.000Z",
              "ID": "CVE-2022-32962",
              "STATE": "PUBLIC",
              "TITLE": "HiCOS\u2019 client-side citizen digital certificate - Double Free"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "HiCOS\u2019 client-side citizen digital certificate",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Linux",
                                "version_affected": "\u003c=",
                                "version_value": "11 3.0.3.30306"
                              },
                              {
                                "platform": "Windows",
                                "version_affected": "\u003c=",
                                "version_value": "11 3.1.0.00002"
                              },
                              {
                                "platform": "macOS",
                                "version_affected": "\u003c=",
                                "version_value": "11 3.0.3.30404"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "HINET"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "HiCOS\u2019 client-side citizen certificate component has a double free vulnerability. An unauthenticated physical attacker can exploit this vulnerability to corrupt memory and execute arbitrary code, manipulate system data or terminate service."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-415 Double Free"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.twcert.org.tw/tw/cp-132-6293-86576-1.html",
                  "refsource": "MISC",
                  "url": "https://www.twcert.org.tw/tw/cp-132-6293-86576-1.html"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Download latest version"
              }
            ],
            "source": {
              "advisory": "TVN-202206008",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2022-32962",
        "datePublished": "2022-07-20T02:03:43.658Z",
        "dateReserved": "2022-06-10T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:24:45.620Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-32961 (GCVE-0-2022-32961)

    Vulnerability from cvelistv5 – Published: 2022-07-20 02:03 – Updated: 2024-09-16 16:53
    VLAI
    Title
    HiCOS’ client-side citizen digital certificate - Stack Buffer Overflow
    Summary
    HICOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for token information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service.
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2022-07-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:54:03.460Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/tw/cp-132-6292-fb267-1.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Linux"
              ],
              "product": "HiCOS\u2019 client-side citizen digital certificate",
              "vendor": "HINET",
              "versions": [
                {
                  "lessThanOrEqual": "11 3.0.3.30306",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows"
              ],
              "product": "HiCOS\u2019 client-side citizen digital certificate",
              "vendor": "HINET",
              "versions": [
                {
                  "lessThanOrEqual": "11 3.1.0.00002",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "macOS"
              ],
              "product": "HiCOS\u2019 client-side citizen digital certificate",
              "vendor": "HINET",
              "versions": [
                {
                  "lessThanOrEqual": "11 3.0.3.30404",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-07-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "HICOS\u2019 client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for token information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-20T02:03:13.000Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-6292-fb267-1.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Download latest version"
            }
          ],
          "source": {
            "advisory": "TVN-202206007",
            "discovery": "EXTERNAL"
          },
          "title": "HiCOS\u2019 client-side citizen digital certificate - Stack Buffer Overflow",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "TWCERT/CC",
              "ASSIGNER": "cve@cert.org.tw",
              "DATE_PUBLIC": "2022-07-12T01:33:00.000Z",
              "ID": "CVE-2022-32961",
              "STATE": "PUBLIC",
              "TITLE": "HiCOS\u2019 client-side citizen digital certificate - Stack Buffer Overflow"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "HiCOS\u2019 client-side citizen digital certificate",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Linux",
                                "version_affected": "\u003c=",
                                "version_value": "11 3.0.3.30306"
                              },
                              {
                                "platform": "Windows",
                                "version_affected": "\u003c=",
                                "version_value": "11 3.1.0.00002"
                              },
                              {
                                "platform": "macOS",
                                "version_affected": "\u003c=",
                                "version_value": "11 3.0.3.30404"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "HINET"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "HICOS\u2019 client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for token information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-787 Out-of-bounds Write"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.twcert.org.tw/tw/cp-132-6292-fb267-1.html",
                  "refsource": "MISC",
                  "url": "https://www.twcert.org.tw/tw/cp-132-6292-fb267-1.html"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Download latest version"
              }
            ],
            "source": {
              "advisory": "TVN-202206007",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2022-32961",
        "datePublished": "2022-07-20T02:03:13.812Z",
        "dateReserved": "2022-06-10T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:53:04.178Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-32960 (GCVE-0-2022-32960)

    Vulnerability from cvelistv5 – Published: 2022-07-20 02:02 – Updated: 2024-09-16 16:48
    VLAI
    Title
    HiCOS’ client-side citizen digital certificate - Stack Buffer Overflow
    Summary
    HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for card number. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service.
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2022-07-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:54:03.444Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/tw/cp-132-6291-f58b5-1.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Linux"
              ],
              "product": "HiCOS\u2019 client-side citizen digital certificate",
              "vendor": "HINET",
              "versions": [
                {
                  "lessThanOrEqual": "11 3.0.3.30306",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows"
              ],
              "product": "HiCOS\u2019 client-side citizen digital certificate",
              "vendor": "HINET",
              "versions": [
                {
                  "lessThanOrEqual": "11 3.1.0.00002",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "macOS"
              ],
              "product": "HiCOS\u2019 client-side citizen digital certificate",
              "vendor": "HINET",
              "versions": [
                {
                  "lessThanOrEqual": "11 3.0.3.30404",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-07-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "HiCOS\u2019 client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for card number. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-20T02:02:51.000Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-6291-f58b5-1.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Download latest version"
            }
          ],
          "source": {
            "advisory": "TVN-202206006",
            "discovery": "EXTERNAL"
          },
          "title": "HiCOS\u2019 client-side citizen digital certificate - Stack Buffer Overflow",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "TWCERT/CC",
              "ASSIGNER": "cve@cert.org.tw",
              "DATE_PUBLIC": "2022-07-12T01:33:00.000Z",
              "ID": "CVE-2022-32960",
              "STATE": "PUBLIC",
              "TITLE": "HiCOS\u2019 client-side citizen digital certificate - Stack Buffer Overflow"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "HiCOS\u2019 client-side citizen digital certificate",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Linux",
                                "version_affected": "\u003c=",
                                "version_value": "11 3.0.3.30306"
                              },
                              {
                                "platform": "Windows",
                                "version_affected": "\u003c=",
                                "version_value": "11 3.1.0.00002"
                              },
                              {
                                "platform": "macOS",
                                "version_affected": "\u003c=",
                                "version_value": "11 3.0.3.30404"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "HINET"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "HiCOS\u2019 client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for card number. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-787 Out-of-bounds Write"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.twcert.org.tw/tw/cp-132-6291-f58b5-1.html",
                  "refsource": "MISC",
                  "url": "https://www.twcert.org.tw/tw/cp-132-6291-f58b5-1.html"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Download latest version"
              }
            ],
            "source": {
              "advisory": "TVN-202206006",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2022-32960",
        "datePublished": "2022-07-20T02:02:51.701Z",
        "dateReserved": "2022-06-10T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:48:27.253Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-32959 (GCVE-0-2022-32959)

    Vulnerability from cvelistv5 – Published: 2022-07-20 02:02 – Updated: 2024-09-17 01:31
    VLAI
    Title
    HiCOS’ client-side citizen digital certificate - Stack Buffer Overflow
    Summary
    HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for OS information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service.
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2022-07-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:54:03.400Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/tw/cp-132-6290-738fe-1.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Linux"
              ],
              "product": "HiCOS\u2019 client-side citizen digital certificate",
              "vendor": "HINET",
              "versions": [
                {
                  "lessThanOrEqual": "11 3.0.3.30306",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows"
              ],
              "product": "HiCOS\u2019 client-side citizen digital certificate",
              "vendor": "HINET",
              "versions": [
                {
                  "lessThanOrEqual": "11 3.1.0.00002",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "macOS"
              ],
              "product": "HiCOS\u2019 client-side citizen digital certificate",
              "vendor": "HINET",
              "versions": [
                {
                  "lessThanOrEqual": "11 3.0.3.30404",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-07-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "HiCOS\u2019 client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for OS information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-20T02:02:25.000Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-6290-738fe-1.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Download latest version"
            }
          ],
          "source": {
            "advisory": "TVN-202206005",
            "discovery": "EXTERNAL"
          },
          "title": "HiCOS\u2019 client-side citizen digital certificate - Stack Buffer Overflow",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "TWCERT/CC",
              "ASSIGNER": "cve@cert.org.tw",
              "DATE_PUBLIC": "2022-07-12T01:33:00.000Z",
              "ID": "CVE-2022-32959",
              "STATE": "PUBLIC",
              "TITLE": "HiCOS\u2019 client-side citizen digital certificate - Stack Buffer Overflow"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "HiCOS\u2019 client-side citizen digital certificate",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Linux",
                                "version_affected": "\u003c=",
                                "version_value": "11 3.0.3.30306"
                              },
                              {
                                "platform": "Windows",
                                "version_affected": "\u003c=",
                                "version_value": "11 3.1.0.00002"
                              },
                              {
                                "platform": "macOS",
                                "version_affected": "\u003c=",
                                "version_value": "11 3.0.3.30404"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "HINET"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "HiCOS\u2019 client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for OS information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-787 Out-of-bounds Write"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.twcert.org.tw/tw/cp-132-6290-738fe-1.html",
                  "refsource": "MISC",
                  "url": "https://www.twcert.org.tw/tw/cp-132-6290-738fe-1.html"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Download latest version"
              }
            ],
            "source": {
              "advisory": "TVN-202206005",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2022-32959",
        "datePublished": "2022-07-20T02:02:25.360Z",
        "dateReserved": "2022-06-10T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:31:04.086Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }