CVE-2022-32961

Summary

HICOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for token information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service.

Affected Software

VendorProductVersion RangeStatus
HINETHiCOS’ client-side citizen digital certificateunspecified <= 11 3.0.3.30306affected
HINETHiCOS’ client-side citizen digital certificateunspecified <= 11 3.1.0.00002affected
HINETHiCOS’ client-side citizen digital certificateunspecified <= 11 3.0.3.30404affected

Weaknesses

  • CWE-787: CWE-787 Out-of-bounds Write

ADP Enrichment

CVE Program Container

Additional References

References