Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for HiCOS Citizen verification component - Stack Buffer Overflow by HINET
CVE-2022-35222 (GCVE-0-2022-35222)
Vulnerability from cvelistv5 – Published: 2022-08-02 15:21 – Updated: 2024-09-16 20:37
VLAI
Title
HiCOS Citizen verification component - Stack Buffer Overflow
Summary
HiCOS Citizen verification component has a stack-based buffer overflow vulnerability due to insufficient parameter length validation. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system command or disrupt service.
Severity
6.8 (Medium)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-6363-f5ec2-1.html | x_refsource_MISC |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| HINET | HiCOS Citizen verification component - Stack Buffer Overflow |
Affected:
libHicos_p11v1.so CHT PKCS#11 3.0.3.30306
|
|
| HINET | HiCOS Citizen verification component - Stack Buffer Overflow |
Affected:
HiCOSPKCS11.dll CHT PKCS#11 3.1.0.00002
|
|
| HINET | HiCOS Citizen verification component - Stack Buffer Overflow |
Affected:
libHicos_p11v1.dylib CHT PKCS#11 3.0.3.30404
|
Date Public
2022-07-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:29:17.452Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6363-f5ec2-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Linux"
],
"product": "HiCOS Citizen verification component - Stack Buffer Overflow",
"vendor": "HINET",
"versions": [
{
"status": "affected",
"version": "libHicos_p11v1.so CHT PKCS#11 3.0.3.30306"
}
]
},
{
"platforms": [
"Windows"
],
"product": "HiCOS Citizen verification component - Stack Buffer Overflow",
"vendor": "HINET",
"versions": [
{
"status": "affected",
"version": "HiCOSPKCS11.dll CHT PKCS#11 3.1.0.00002"
}
]
},
{
"platforms": [
"macOS"
],
"product": "HiCOS Citizen verification component - Stack Buffer Overflow",
"vendor": "HINET",
"versions": [
{
"status": "affected",
"version": "libHicos_p11v1.dylib CHT PKCS#11 3.0.3.30404"
}
]
}
],
"datePublic": "2022-07-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "HiCOS Citizen verification component has a stack-based buffer overflow vulnerability due to insufficient parameter length validation. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system command or disrupt service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-02T15:21:00.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6363-f5ec2-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Download the latest version"
}
],
"source": {
"advisory": "TVN-202207006",
"discovery": "EXTERNAL"
},
"title": "HiCOS Citizen verification component - Stack Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2022-07-29T06:52:00.000Z",
"ID": "CVE-2022-35222",
"STATE": "PUBLIC",
"TITLE": "HiCOS Citizen verification component - Stack Buffer Overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HiCOS Citizen verification component - Stack Buffer Overflow",
"version": {
"version_data": [
{
"platform": "Linux",
"version_affected": "=",
"version_value": "libHicos_p11v1.so CHT PKCS#11 3.0.3.30306"
},
{
"platform": "Windows",
"version_affected": "=",
"version_value": "HiCOSPKCS11.dll CHT PKCS#11 3.1.0.00002"
},
{
"platform": "macOS",
"version_affected": "=",
"version_value": "libHicos_p11v1.dylib CHT PKCS#11 3.0.3.30404"
}
]
}
}
]
},
"vendor_name": "HINET"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HiCOS Citizen verification component has a stack-based buffer overflow vulnerability due to insufficient parameter length validation. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system command or disrupt service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-6363-f5ec2-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-6363-f5ec2-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Download the latest version"
}
],
"source": {
"advisory": "TVN-202207006",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2022-35222",
"datePublished": "2022-08-02T15:21:00.177Z",
"dateReserved": "2022-07-05T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:37:53.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-35222 (GCVE-0-2022-35222)
Vulnerability from nvd – Published: 2022-08-02 15:21 – Updated: 2024-09-16 20:37
VLAI
Title
HiCOS Citizen verification component - Stack Buffer Overflow
Summary
HiCOS Citizen verification component has a stack-based buffer overflow vulnerability due to insufficient parameter length validation. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system command or disrupt service.
Severity
6.8 (Medium)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-6363-f5ec2-1.html | x_refsource_MISC |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| HINET | HiCOS Citizen verification component - Stack Buffer Overflow |
Affected:
libHicos_p11v1.so CHT PKCS#11 3.0.3.30306
|
|
| HINET | HiCOS Citizen verification component - Stack Buffer Overflow |
Affected:
HiCOSPKCS11.dll CHT PKCS#11 3.1.0.00002
|
|
| HINET | HiCOS Citizen verification component - Stack Buffer Overflow |
Affected:
libHicos_p11v1.dylib CHT PKCS#11 3.0.3.30404
|
Date Public
2022-07-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:29:17.452Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6363-f5ec2-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Linux"
],
"product": "HiCOS Citizen verification component - Stack Buffer Overflow",
"vendor": "HINET",
"versions": [
{
"status": "affected",
"version": "libHicos_p11v1.so CHT PKCS#11 3.0.3.30306"
}
]
},
{
"platforms": [
"Windows"
],
"product": "HiCOS Citizen verification component - Stack Buffer Overflow",
"vendor": "HINET",
"versions": [
{
"status": "affected",
"version": "HiCOSPKCS11.dll CHT PKCS#11 3.1.0.00002"
}
]
},
{
"platforms": [
"macOS"
],
"product": "HiCOS Citizen verification component - Stack Buffer Overflow",
"vendor": "HINET",
"versions": [
{
"status": "affected",
"version": "libHicos_p11v1.dylib CHT PKCS#11 3.0.3.30404"
}
]
}
],
"datePublic": "2022-07-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "HiCOS Citizen verification component has a stack-based buffer overflow vulnerability due to insufficient parameter length validation. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system command or disrupt service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-02T15:21:00.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6363-f5ec2-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Download the latest version"
}
],
"source": {
"advisory": "TVN-202207006",
"discovery": "EXTERNAL"
},
"title": "HiCOS Citizen verification component - Stack Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2022-07-29T06:52:00.000Z",
"ID": "CVE-2022-35222",
"STATE": "PUBLIC",
"TITLE": "HiCOS Citizen verification component - Stack Buffer Overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HiCOS Citizen verification component - Stack Buffer Overflow",
"version": {
"version_data": [
{
"platform": "Linux",
"version_affected": "=",
"version_value": "libHicos_p11v1.so CHT PKCS#11 3.0.3.30306"
},
{
"platform": "Windows",
"version_affected": "=",
"version_value": "HiCOSPKCS11.dll CHT PKCS#11 3.1.0.00002"
},
{
"platform": "macOS",
"version_affected": "=",
"version_value": "libHicos_p11v1.dylib CHT PKCS#11 3.0.3.30404"
}
]
}
}
]
},
"vendor_name": "HINET"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HiCOS Citizen verification component has a stack-based buffer overflow vulnerability due to insufficient parameter length validation. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system command or disrupt service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-6363-f5ec2-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-6363-f5ec2-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Download the latest version"
}
],
"source": {
"advisory": "TVN-202207006",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2022-35222",
"datePublished": "2022-08-02T15:21:00.177Z",
"dateReserved": "2022-07-05T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:37:53.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}