Vulnerability Details : CVE-2022-32962
HiCOS’ client-side citizen certificate component has a double free vulnerability. An unauthenticated physical attacker can exploit this vulnerability to corrupt memory and execute arbitrary code, manipulate system data or terminate service.
Vulnerability category: Memory Corruption, Execute code
Products affected by CVE-2022-32962
- cpe:2.3:a:hinet:hicos_natural_person_credential_component_client:3.1.0.00002:*:*:*:*:windows:*:*
- cpe:2.3:a:hinet:hicos_natural_person_credential_component_client:3.0.3.30306:*:*:*:*:linux:*:*
- cpe:2.3:a:hinet:hicos_natural_person_credential_component_client:3.0.3.30404:*:*:*:*:macos:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-32962
- 0.04%: Probability of exploitation activity in the next 30 days
- ~ 10 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-32962
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 0.9 | 5.9 | TWCERT/CC | |
CWE ids for CVE-2022-32962
- The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.
  Assigned by:
  - nvd@nist.gov (Primary)
  - twcert@cert.org.tw (Secondary)
References for CVE-2022-32962
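- https://www.twcert.org.tw/tw/cp-132-6293-86576-1.html
  TWCERT/CC Taiwan Computer Emergency Response Team / Coordination Center | Enterprise Security Incident Reporting and Assistance | Security Intelligence Sharing | Vulnerability Reporting | Security Alliance | Security Newsletter - HiCOS Natural Person Certificate Component Client - Double Free (Third Party Advisory)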