CVE-2022-35222

Summary

HiCOS Citizen verification component has a stack-based buffer overflow vulnerability due to insufficient parameter length validation. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system command or disrupt service.

Affected Software

VendorProductVersion RangeStatus
HINETHiCOS Citizen verification component - Stack Buffer OverflowlibHicos_p11v1.so CHT PKCS#11 3.0.3.30306affected
HINETHiCOS Citizen verification component - Stack Buffer OverflowHiCOSPKCS11.dll CHT PKCS#11 3.1.0.00002affected
HINETHiCOS Citizen verification component - Stack Buffer OverflowlibHicos_p11v1.dylib CHT PKCS#11 3.0.3.30404affected

Weaknesses

  • CWE-787: CWE-787 Out-of-bounds Write

ADP Enrichment

CVE Program Container

Additional References

References