Search criteria
10 vulnerabilities found for hicos_natural_person_credential_component_client by hinet
CVE-2022-35222 (GCVE-0-2022-35222)
Vulnerability from nvd – Published: 2022-08-02 15:21 – Updated: 2024-09-16 20:37
VLAI?
Title
HiCOS Citizen verification component - Stack Buffer Overflow
Summary
HiCOS Citizen verification component has a stack-based buffer overflow vulnerability due to insufficient parameter length validation. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system command or disrupt service.
Severity ?
6.8 (Medium)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-6363-f5ec2-1.html | x_refsource_MISC |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| HINET | HiCOS Citizen verification component - Stack Buffer Overflow |
Affected:
libHicos_p11v1.so CHT PKCS#11 3.0.3.30306
|
|
| HINET | HiCOS Citizen verification component - Stack Buffer Overflow |
Affected:
HiCOSPKCS11.dll CHT PKCS#11 3.1.0.00002
|
|
| HINET | HiCOS Citizen verification component - Stack Buffer Overflow |
Affected:
libHicos_p11v1.dylib CHT PKCS#11 3.0.3.30404
|
Date Public ?
2022-07-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:29:17.452Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6363-f5ec2-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Linux"
],
"product": "HiCOS Citizen verification component - Stack Buffer Overflow",
"vendor": "HINET",
"versions": [
{
"status": "affected",
"version": "libHicos_p11v1.so CHT PKCS#11 3.0.3.30306"
}
]
},
{
"platforms": [
"Windows"
],
"product": "HiCOS Citizen verification component - Stack Buffer Overflow",
"vendor": "HINET",
"versions": [
{
"status": "affected",
"version": "HiCOSPKCS11.dll CHT PKCS#11 3.1.0.00002"
}
]
},
{
"platforms": [
"macOS"
],
"product": "HiCOS Citizen verification component - Stack Buffer Overflow",
"vendor": "HINET",
"versions": [
{
"status": "affected",
"version": "libHicos_p11v1.dylib CHT PKCS#11 3.0.3.30404"
}
]
}
],
"datePublic": "2022-07-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "HiCOS Citizen verification component has a stack-based buffer overflow vulnerability due to insufficient parameter length validation. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system command or disrupt service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-02T15:21:00.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6363-f5ec2-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Download the latest version"
}
],
"source": {
"advisory": "TVN-202207006",
"discovery": "EXTERNAL"
},
"title": "HiCOS Citizen verification component - Stack Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2022-07-29T06:52:00.000Z",
"ID": "CVE-2022-35222",
"STATE": "PUBLIC",
"TITLE": "HiCOS Citizen verification component - Stack Buffer Overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HiCOS Citizen verification component - Stack Buffer Overflow",
"version": {
"version_data": [
{
"platform": "Linux",
"version_affected": "=",
"version_value": "libHicos_p11v1.so CHT PKCS#11 3.0.3.30306"
},
{
"platform": "Windows",
"version_affected": "=",
"version_value": "HiCOSPKCS11.dll CHT PKCS#11 3.1.0.00002"
},
{
"platform": "macOS",
"version_affected": "=",
"version_value": "libHicos_p11v1.dylib CHT PKCS#11 3.0.3.30404"
}
]
}
}
]
},
"vendor_name": "HINET"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HiCOS Citizen verification component has a stack-based buffer overflow vulnerability due to insufficient parameter length validation. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system command or disrupt service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-6363-f5ec2-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-6363-f5ec2-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Download the latest version"
}
],
"source": {
"advisory": "TVN-202207006",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2022-35222",
"datePublished": "2022-08-02T15:21:00.177Z",
"dateReserved": "2022-07-05T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:37:53.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32962 (GCVE-0-2022-32962)
Vulnerability from nvd – Published: 2022-07-20 02:03 – Updated: 2024-09-16 18:24
VLAI?
Title
HiCOS’ client-side citizen digital certificate - Double Free
Summary
HiCOS’ client-side citizen certificate component has a double free vulnerability. An unauthenticated physical attacker can exploit this vulnerability to corrupt memory and execute arbitrary code, manipulate system data or terminate service.
Severity ?
6.8 (Medium)
CWE
- CWE-415 - Double Free
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-6293-86576-1.html | x_refsource_MISC |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| HINET | HiCOS’ client-side citizen digital certificate |
Affected:
unspecified , ≤ 11 3.0.3.30306
(custom)
|
|
| HINET | HiCOS’ client-side citizen digital certificate |
Affected:
unspecified , ≤ 11 3.1.0.00002
(custom)
|
|
| HINET | HiCOS’ client-side citizen digital certificate |
Affected:
unspecified , ≤ 11 3.0.3.30404
(custom)
|
Date Public ?
2022-07-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:54:03.428Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6293-86576-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Linux"
],
"product": "HiCOS\u2019 client-side citizen digital certificate",
"vendor": "HINET",
"versions": [
{
"lessThanOrEqual": "11 3.0.3.30306",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows"
],
"product": "HiCOS\u2019 client-side citizen digital certificate",
"vendor": "HINET",
"versions": [
{
"lessThanOrEqual": "11 3.1.0.00002",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"macOS"
],
"product": "HiCOS\u2019 client-side citizen digital certificate",
"vendor": "HINET",
"versions": [
{
"lessThanOrEqual": "11 3.0.3.30404",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-07-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "HiCOS\u2019 client-side citizen certificate component has a double free vulnerability. An unauthenticated physical attacker can exploit this vulnerability to corrupt memory and execute arbitrary code, manipulate system data or terminate service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-415",
"description": "CWE-415 Double Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-20T02:03:43.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6293-86576-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Download latest version"
}
],
"source": {
"advisory": "TVN-202206008",
"discovery": "EXTERNAL"
},
"title": "HiCOS\u2019 client-side citizen digital certificate - Double Free",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2022-07-12T01:33:00.000Z",
"ID": "CVE-2022-32962",
"STATE": "PUBLIC",
"TITLE": "HiCOS\u2019 client-side citizen digital certificate - Double Free"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HiCOS\u2019 client-side citizen digital certificate",
"version": {
"version_data": [
{
"platform": "Linux",
"version_affected": "\u003c=",
"version_value": "11 3.0.3.30306"
},
{
"platform": "Windows",
"version_affected": "\u003c=",
"version_value": "11 3.1.0.00002"
},
{
"platform": "macOS",
"version_affected": "\u003c=",
"version_value": "11 3.0.3.30404"
}
]
}
}
]
},
"vendor_name": "HINET"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HiCOS\u2019 client-side citizen certificate component has a double free vulnerability. An unauthenticated physical attacker can exploit this vulnerability to corrupt memory and execute arbitrary code, manipulate system data or terminate service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-415 Double Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-6293-86576-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-6293-86576-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Download latest version"
}
],
"source": {
"advisory": "TVN-202206008",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2022-32962",
"datePublished": "2022-07-20T02:03:43.658Z",
"dateReserved": "2022-06-10T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:24:45.620Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32961 (GCVE-0-2022-32961)
Vulnerability from nvd – Published: 2022-07-20 02:03 – Updated: 2024-09-16 16:53
VLAI?
Title
HiCOS’ client-side citizen digital certificate - Stack Buffer Overflow
Summary
HICOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for token information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service.
Severity ?
6.8 (Medium)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-6292-fb267-1.html | x_refsource_MISC |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| HINET | HiCOS’ client-side citizen digital certificate |
Affected:
unspecified , ≤ 11 3.0.3.30306
(custom)
|
|
| HINET | HiCOS’ client-side citizen digital certificate |
Affected:
unspecified , ≤ 11 3.1.0.00002
(custom)
|
|
| HINET | HiCOS’ client-side citizen digital certificate |
Affected:
unspecified , ≤ 11 3.0.3.30404
(custom)
|
Date Public ?
2022-07-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:54:03.460Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6292-fb267-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Linux"
],
"product": "HiCOS\u2019 client-side citizen digital certificate",
"vendor": "HINET",
"versions": [
{
"lessThanOrEqual": "11 3.0.3.30306",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows"
],
"product": "HiCOS\u2019 client-side citizen digital certificate",
"vendor": "HINET",
"versions": [
{
"lessThanOrEqual": "11 3.1.0.00002",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"macOS"
],
"product": "HiCOS\u2019 client-side citizen digital certificate",
"vendor": "HINET",
"versions": [
{
"lessThanOrEqual": "11 3.0.3.30404",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-07-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "HICOS\u2019 client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for token information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-20T02:03:13.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6292-fb267-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Download latest version"
}
],
"source": {
"advisory": "TVN-202206007",
"discovery": "EXTERNAL"
},
"title": "HiCOS\u2019 client-side citizen digital certificate - Stack Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2022-07-12T01:33:00.000Z",
"ID": "CVE-2022-32961",
"STATE": "PUBLIC",
"TITLE": "HiCOS\u2019 client-side citizen digital certificate - Stack Buffer Overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HiCOS\u2019 client-side citizen digital certificate",
"version": {
"version_data": [
{
"platform": "Linux",
"version_affected": "\u003c=",
"version_value": "11 3.0.3.30306"
},
{
"platform": "Windows",
"version_affected": "\u003c=",
"version_value": "11 3.1.0.00002"
},
{
"platform": "macOS",
"version_affected": "\u003c=",
"version_value": "11 3.0.3.30404"
}
]
}
}
]
},
"vendor_name": "HINET"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HICOS\u2019 client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for token information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-6292-fb267-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-6292-fb267-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Download latest version"
}
],
"source": {
"advisory": "TVN-202206007",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2022-32961",
"datePublished": "2022-07-20T02:03:13.812Z",
"dateReserved": "2022-06-10T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:53:04.178Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32960 (GCVE-0-2022-32960)
Vulnerability from nvd – Published: 2022-07-20 02:02 – Updated: 2024-09-16 16:48
VLAI?
Title
HiCOS’ client-side citizen digital certificate - Stack Buffer Overflow
Summary
HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for card number. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service.
Severity ?
6.8 (Medium)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-6291-f58b5-1.html | x_refsource_MISC |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| HINET | HiCOS’ client-side citizen digital certificate |
Affected:
unspecified , ≤ 11 3.0.3.30306
(custom)
|
|
| HINET | HiCOS’ client-side citizen digital certificate |
Affected:
unspecified , ≤ 11 3.1.0.00002
(custom)
|
|
| HINET | HiCOS’ client-side citizen digital certificate |
Affected:
unspecified , ≤ 11 3.0.3.30404
(custom)
|
Date Public ?
2022-07-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:54:03.444Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6291-f58b5-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Linux"
],
"product": "HiCOS\u2019 client-side citizen digital certificate",
"vendor": "HINET",
"versions": [
{
"lessThanOrEqual": "11 3.0.3.30306",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows"
],
"product": "HiCOS\u2019 client-side citizen digital certificate",
"vendor": "HINET",
"versions": [
{
"lessThanOrEqual": "11 3.1.0.00002",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"macOS"
],
"product": "HiCOS\u2019 client-side citizen digital certificate",
"vendor": "HINET",
"versions": [
{
"lessThanOrEqual": "11 3.0.3.30404",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-07-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "HiCOS\u2019 client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for card number. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-20T02:02:51.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6291-f58b5-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Download latest version"
}
],
"source": {
"advisory": "TVN-202206006",
"discovery": "EXTERNAL"
},
"title": "HiCOS\u2019 client-side citizen digital certificate - Stack Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2022-07-12T01:33:00.000Z",
"ID": "CVE-2022-32960",
"STATE": "PUBLIC",
"TITLE": "HiCOS\u2019 client-side citizen digital certificate - Stack Buffer Overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HiCOS\u2019 client-side citizen digital certificate",
"version": {
"version_data": [
{
"platform": "Linux",
"version_affected": "\u003c=",
"version_value": "11 3.0.3.30306"
},
{
"platform": "Windows",
"version_affected": "\u003c=",
"version_value": "11 3.1.0.00002"
},
{
"platform": "macOS",
"version_affected": "\u003c=",
"version_value": "11 3.0.3.30404"
}
]
}
}
]
},
"vendor_name": "HINET"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HiCOS\u2019 client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for card number. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-6291-f58b5-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-6291-f58b5-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Download latest version"
}
],
"source": {
"advisory": "TVN-202206006",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2022-32960",
"datePublished": "2022-07-20T02:02:51.701Z",
"dateReserved": "2022-06-10T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:48:27.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32959 (GCVE-0-2022-32959)
Vulnerability from nvd – Published: 2022-07-20 02:02 – Updated: 2024-09-17 01:31
VLAI?
Title
HiCOS’ client-side citizen digital certificate - Stack Buffer Overflow
Summary
HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for OS information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service.
Severity ?
6.8 (Medium)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-6290-738fe-1.html | x_refsource_MISC |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| HINET | HiCOS’ client-side citizen digital certificate |
Affected:
unspecified , ≤ 11 3.0.3.30306
(custom)
|
|
| HINET | HiCOS’ client-side citizen digital certificate |
Affected:
unspecified , ≤ 11 3.1.0.00002
(custom)
|
|
| HINET | HiCOS’ client-side citizen digital certificate |
Affected:
unspecified , ≤ 11 3.0.3.30404
(custom)
|
Date Public ?
2022-07-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:54:03.400Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6290-738fe-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Linux"
],
"product": "HiCOS\u2019 client-side citizen digital certificate",
"vendor": "HINET",
"versions": [
{
"lessThanOrEqual": "11 3.0.3.30306",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows"
],
"product": "HiCOS\u2019 client-side citizen digital certificate",
"vendor": "HINET",
"versions": [
{
"lessThanOrEqual": "11 3.1.0.00002",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"macOS"
],
"product": "HiCOS\u2019 client-side citizen digital certificate",
"vendor": "HINET",
"versions": [
{
"lessThanOrEqual": "11 3.0.3.30404",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-07-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "HiCOS\u2019 client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for OS information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-20T02:02:25.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6290-738fe-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Download latest version"
}
],
"source": {
"advisory": "TVN-202206005",
"discovery": "EXTERNAL"
},
"title": "HiCOS\u2019 client-side citizen digital certificate - Stack Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2022-07-12T01:33:00.000Z",
"ID": "CVE-2022-32959",
"STATE": "PUBLIC",
"TITLE": "HiCOS\u2019 client-side citizen digital certificate - Stack Buffer Overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HiCOS\u2019 client-side citizen digital certificate",
"version": {
"version_data": [
{
"platform": "Linux",
"version_affected": "\u003c=",
"version_value": "11 3.0.3.30306"
},
{
"platform": "Windows",
"version_affected": "\u003c=",
"version_value": "11 3.1.0.00002"
},
{
"platform": "macOS",
"version_affected": "\u003c=",
"version_value": "11 3.0.3.30404"
}
]
}
}
]
},
"vendor_name": "HINET"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HiCOS\u2019 client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for OS information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-6290-738fe-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-6290-738fe-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Download latest version"
}
],
"source": {
"advisory": "TVN-202206005",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2022-32959",
"datePublished": "2022-07-20T02:02:25.360Z",
"dateReserved": "2022-06-10T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:31:04.086Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-35222 (GCVE-0-2022-35222)
Vulnerability from cvelistv5 – Published: 2022-08-02 15:21 – Updated: 2024-09-16 20:37
VLAI?
Title
HiCOS Citizen verification component - Stack Buffer Overflow
Summary
HiCOS Citizen verification component has a stack-based buffer overflow vulnerability due to insufficient parameter length validation. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system command or disrupt service.
Severity ?
6.8 (Medium)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-6363-f5ec2-1.html | x_refsource_MISC |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| HINET | HiCOS Citizen verification component - Stack Buffer Overflow |
Affected:
libHicos_p11v1.so CHT PKCS#11 3.0.3.30306
|
|
| HINET | HiCOS Citizen verification component - Stack Buffer Overflow |
Affected:
HiCOSPKCS11.dll CHT PKCS#11 3.1.0.00002
|
|
| HINET | HiCOS Citizen verification component - Stack Buffer Overflow |
Affected:
libHicos_p11v1.dylib CHT PKCS#11 3.0.3.30404
|
Date Public ?
2022-07-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:29:17.452Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6363-f5ec2-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Linux"
],
"product": "HiCOS Citizen verification component - Stack Buffer Overflow",
"vendor": "HINET",
"versions": [
{
"status": "affected",
"version": "libHicos_p11v1.so CHT PKCS#11 3.0.3.30306"
}
]
},
{
"platforms": [
"Windows"
],
"product": "HiCOS Citizen verification component - Stack Buffer Overflow",
"vendor": "HINET",
"versions": [
{
"status": "affected",
"version": "HiCOSPKCS11.dll CHT PKCS#11 3.1.0.00002"
}
]
},
{
"platforms": [
"macOS"
],
"product": "HiCOS Citizen verification component - Stack Buffer Overflow",
"vendor": "HINET",
"versions": [
{
"status": "affected",
"version": "libHicos_p11v1.dylib CHT PKCS#11 3.0.3.30404"
}
]
}
],
"datePublic": "2022-07-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "HiCOS Citizen verification component has a stack-based buffer overflow vulnerability due to insufficient parameter length validation. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system command or disrupt service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-02T15:21:00.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6363-f5ec2-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Download the latest version"
}
],
"source": {
"advisory": "TVN-202207006",
"discovery": "EXTERNAL"
},
"title": "HiCOS Citizen verification component - Stack Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2022-07-29T06:52:00.000Z",
"ID": "CVE-2022-35222",
"STATE": "PUBLIC",
"TITLE": "HiCOS Citizen verification component - Stack Buffer Overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HiCOS Citizen verification component - Stack Buffer Overflow",
"version": {
"version_data": [
{
"platform": "Linux",
"version_affected": "=",
"version_value": "libHicos_p11v1.so CHT PKCS#11 3.0.3.30306"
},
{
"platform": "Windows",
"version_affected": "=",
"version_value": "HiCOSPKCS11.dll CHT PKCS#11 3.1.0.00002"
},
{
"platform": "macOS",
"version_affected": "=",
"version_value": "libHicos_p11v1.dylib CHT PKCS#11 3.0.3.30404"
}
]
}
}
]
},
"vendor_name": "HINET"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HiCOS Citizen verification component has a stack-based buffer overflow vulnerability due to insufficient parameter length validation. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system command or disrupt service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-6363-f5ec2-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-6363-f5ec2-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Download the latest version"
}
],
"source": {
"advisory": "TVN-202207006",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2022-35222",
"datePublished": "2022-08-02T15:21:00.177Z",
"dateReserved": "2022-07-05T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:37:53.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32962 (GCVE-0-2022-32962)
Vulnerability from cvelistv5 – Published: 2022-07-20 02:03 – Updated: 2024-09-16 18:24
VLAI?
Title
HiCOS’ client-side citizen digital certificate - Double Free
Summary
HiCOS’ client-side citizen certificate component has a double free vulnerability. An unauthenticated physical attacker can exploit this vulnerability to corrupt memory and execute arbitrary code, manipulate system data or terminate service.
Severity ?
6.8 (Medium)
CWE
- CWE-415 - Double Free
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-6293-86576-1.html | x_refsource_MISC |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| HINET | HiCOS’ client-side citizen digital certificate |
Affected:
unspecified , ≤ 11 3.0.3.30306
(custom)
|
|
| HINET | HiCOS’ client-side citizen digital certificate |
Affected:
unspecified , ≤ 11 3.1.0.00002
(custom)
|
|
| HINET | HiCOS’ client-side citizen digital certificate |
Affected:
unspecified , ≤ 11 3.0.3.30404
(custom)
|
Date Public ?
2022-07-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:54:03.428Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6293-86576-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Linux"
],
"product": "HiCOS\u2019 client-side citizen digital certificate",
"vendor": "HINET",
"versions": [
{
"lessThanOrEqual": "11 3.0.3.30306",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows"
],
"product": "HiCOS\u2019 client-side citizen digital certificate",
"vendor": "HINET",
"versions": [
{
"lessThanOrEqual": "11 3.1.0.00002",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"macOS"
],
"product": "HiCOS\u2019 client-side citizen digital certificate",
"vendor": "HINET",
"versions": [
{
"lessThanOrEqual": "11 3.0.3.30404",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-07-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "HiCOS\u2019 client-side citizen certificate component has a double free vulnerability. An unauthenticated physical attacker can exploit this vulnerability to corrupt memory and execute arbitrary code, manipulate system data or terminate service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-415",
"description": "CWE-415 Double Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-20T02:03:43.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6293-86576-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Download latest version"
}
],
"source": {
"advisory": "TVN-202206008",
"discovery": "EXTERNAL"
},
"title": "HiCOS\u2019 client-side citizen digital certificate - Double Free",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2022-07-12T01:33:00.000Z",
"ID": "CVE-2022-32962",
"STATE": "PUBLIC",
"TITLE": "HiCOS\u2019 client-side citizen digital certificate - Double Free"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HiCOS\u2019 client-side citizen digital certificate",
"version": {
"version_data": [
{
"platform": "Linux",
"version_affected": "\u003c=",
"version_value": "11 3.0.3.30306"
},
{
"platform": "Windows",
"version_affected": "\u003c=",
"version_value": "11 3.1.0.00002"
},
{
"platform": "macOS",
"version_affected": "\u003c=",
"version_value": "11 3.0.3.30404"
}
]
}
}
]
},
"vendor_name": "HINET"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HiCOS\u2019 client-side citizen certificate component has a double free vulnerability. An unauthenticated physical attacker can exploit this vulnerability to corrupt memory and execute arbitrary code, manipulate system data or terminate service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-415 Double Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-6293-86576-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-6293-86576-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Download latest version"
}
],
"source": {
"advisory": "TVN-202206008",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2022-32962",
"datePublished": "2022-07-20T02:03:43.658Z",
"dateReserved": "2022-06-10T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:24:45.620Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32961 (GCVE-0-2022-32961)
Vulnerability from cvelistv5 – Published: 2022-07-20 02:03 – Updated: 2024-09-16 16:53
VLAI?
Title
HiCOS’ client-side citizen digital certificate - Stack Buffer Overflow
Summary
HICOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for token information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service.
Severity ?
6.8 (Medium)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-6292-fb267-1.html | x_refsource_MISC |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| HINET | HiCOS’ client-side citizen digital certificate |
Affected:
unspecified , ≤ 11 3.0.3.30306
(custom)
|
|
| HINET | HiCOS’ client-side citizen digital certificate |
Affected:
unspecified , ≤ 11 3.1.0.00002
(custom)
|
|
| HINET | HiCOS’ client-side citizen digital certificate |
Affected:
unspecified , ≤ 11 3.0.3.30404
(custom)
|
Date Public ?
2022-07-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:54:03.460Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6292-fb267-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Linux"
],
"product": "HiCOS\u2019 client-side citizen digital certificate",
"vendor": "HINET",
"versions": [
{
"lessThanOrEqual": "11 3.0.3.30306",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows"
],
"product": "HiCOS\u2019 client-side citizen digital certificate",
"vendor": "HINET",
"versions": [
{
"lessThanOrEqual": "11 3.1.0.00002",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"macOS"
],
"product": "HiCOS\u2019 client-side citizen digital certificate",
"vendor": "HINET",
"versions": [
{
"lessThanOrEqual": "11 3.0.3.30404",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-07-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "HICOS\u2019 client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for token information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-20T02:03:13.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6292-fb267-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Download latest version"
}
],
"source": {
"advisory": "TVN-202206007",
"discovery": "EXTERNAL"
},
"title": "HiCOS\u2019 client-side citizen digital certificate - Stack Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2022-07-12T01:33:00.000Z",
"ID": "CVE-2022-32961",
"STATE": "PUBLIC",
"TITLE": "HiCOS\u2019 client-side citizen digital certificate - Stack Buffer Overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HiCOS\u2019 client-side citizen digital certificate",
"version": {
"version_data": [
{
"platform": "Linux",
"version_affected": "\u003c=",
"version_value": "11 3.0.3.30306"
},
{
"platform": "Windows",
"version_affected": "\u003c=",
"version_value": "11 3.1.0.00002"
},
{
"platform": "macOS",
"version_affected": "\u003c=",
"version_value": "11 3.0.3.30404"
}
]
}
}
]
},
"vendor_name": "HINET"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HICOS\u2019 client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for token information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-6292-fb267-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-6292-fb267-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Download latest version"
}
],
"source": {
"advisory": "TVN-202206007",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2022-32961",
"datePublished": "2022-07-20T02:03:13.812Z",
"dateReserved": "2022-06-10T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:53:04.178Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32960 (GCVE-0-2022-32960)
Vulnerability from cvelistv5 – Published: 2022-07-20 02:02 – Updated: 2024-09-16 16:48
VLAI?
Title
HiCOS’ client-side citizen digital certificate - Stack Buffer Overflow
Summary
HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for card number. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service.
Severity ?
6.8 (Medium)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-6291-f58b5-1.html | x_refsource_MISC |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| HINET | HiCOS’ client-side citizen digital certificate |
Affected:
unspecified , ≤ 11 3.0.3.30306
(custom)
|
|
| HINET | HiCOS’ client-side citizen digital certificate |
Affected:
unspecified , ≤ 11 3.1.0.00002
(custom)
|
|
| HINET | HiCOS’ client-side citizen digital certificate |
Affected:
unspecified , ≤ 11 3.0.3.30404
(custom)
|
Date Public ?
2022-07-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:54:03.444Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6291-f58b5-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Linux"
],
"product": "HiCOS\u2019 client-side citizen digital certificate",
"vendor": "HINET",
"versions": [
{
"lessThanOrEqual": "11 3.0.3.30306",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows"
],
"product": "HiCOS\u2019 client-side citizen digital certificate",
"vendor": "HINET",
"versions": [
{
"lessThanOrEqual": "11 3.1.0.00002",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"macOS"
],
"product": "HiCOS\u2019 client-side citizen digital certificate",
"vendor": "HINET",
"versions": [
{
"lessThanOrEqual": "11 3.0.3.30404",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-07-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "HiCOS\u2019 client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for card number. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-20T02:02:51.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6291-f58b5-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Download latest version"
}
],
"source": {
"advisory": "TVN-202206006",
"discovery": "EXTERNAL"
},
"title": "HiCOS\u2019 client-side citizen digital certificate - Stack Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2022-07-12T01:33:00.000Z",
"ID": "CVE-2022-32960",
"STATE": "PUBLIC",
"TITLE": "HiCOS\u2019 client-side citizen digital certificate - Stack Buffer Overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HiCOS\u2019 client-side citizen digital certificate",
"version": {
"version_data": [
{
"platform": "Linux",
"version_affected": "\u003c=",
"version_value": "11 3.0.3.30306"
},
{
"platform": "Windows",
"version_affected": "\u003c=",
"version_value": "11 3.1.0.00002"
},
{
"platform": "macOS",
"version_affected": "\u003c=",
"version_value": "11 3.0.3.30404"
}
]
}
}
]
},
"vendor_name": "HINET"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HiCOS\u2019 client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for card number. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-6291-f58b5-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-6291-f58b5-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Download latest version"
}
],
"source": {
"advisory": "TVN-202206006",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2022-32960",
"datePublished": "2022-07-20T02:02:51.701Z",
"dateReserved": "2022-06-10T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:48:27.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32959 (GCVE-0-2022-32959)
Vulnerability from cvelistv5 – Published: 2022-07-20 02:02 – Updated: 2024-09-17 01:31
VLAI?
Title
HiCOS’ client-side citizen digital certificate - Stack Buffer Overflow
Summary
HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for OS information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service.
Severity ?
6.8 (Medium)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-6290-738fe-1.html | x_refsource_MISC |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| HINET | HiCOS’ client-side citizen digital certificate |
Affected:
unspecified , ≤ 11 3.0.3.30306
(custom)
|
|
| HINET | HiCOS’ client-side citizen digital certificate |
Affected:
unspecified , ≤ 11 3.1.0.00002
(custom)
|
|
| HINET | HiCOS’ client-side citizen digital certificate |
Affected:
unspecified , ≤ 11 3.0.3.30404
(custom)
|
Date Public ?
2022-07-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:54:03.400Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6290-738fe-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Linux"
],
"product": "HiCOS\u2019 client-side citizen digital certificate",
"vendor": "HINET",
"versions": [
{
"lessThanOrEqual": "11 3.0.3.30306",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows"
],
"product": "HiCOS\u2019 client-side citizen digital certificate",
"vendor": "HINET",
"versions": [
{
"lessThanOrEqual": "11 3.1.0.00002",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"macOS"
],
"product": "HiCOS\u2019 client-side citizen digital certificate",
"vendor": "HINET",
"versions": [
{
"lessThanOrEqual": "11 3.0.3.30404",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-07-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "HiCOS\u2019 client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for OS information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-20T02:02:25.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6290-738fe-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Download latest version"
}
],
"source": {
"advisory": "TVN-202206005",
"discovery": "EXTERNAL"
},
"title": "HiCOS\u2019 client-side citizen digital certificate - Stack Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2022-07-12T01:33:00.000Z",
"ID": "CVE-2022-32959",
"STATE": "PUBLIC",
"TITLE": "HiCOS\u2019 client-side citizen digital certificate - Stack Buffer Overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HiCOS\u2019 client-side citizen digital certificate",
"version": {
"version_data": [
{
"platform": "Linux",
"version_affected": "\u003c=",
"version_value": "11 3.0.3.30306"
},
{
"platform": "Windows",
"version_affected": "\u003c=",
"version_value": "11 3.1.0.00002"
},
{
"platform": "macOS",
"version_affected": "\u003c=",
"version_value": "11 3.0.3.30404"
}
]
}
}
]
},
"vendor_name": "HINET"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HiCOS\u2019 client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for OS information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-6290-738fe-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-6290-738fe-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Download latest version"
}
],
"source": {
"advisory": "TVN-202206005",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2022-32959",
"datePublished": "2022-07-20T02:02:25.360Z",
"dateReserved": "2022-06-10T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:31:04.086Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}