CVE-2022-1249

A NULL pointer dereference flaw was found in pesign's cms_set_pw_data() function of the cms_common.c file. The function fails to handle the NULL pwdata invocation from daemon.c, which leads to an explicit NULL dereference and crash on all attempts to daemonize pesign.

CVSS v3 3.3 LOW
CVSS v2.0 2.1 LOW

3.3^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=2065771	Issue Tracking Patch Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:pesign_project:pesign:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-04-29 16:15

Updated : 2024-02-28 19:09

NVD link : CVE-2022-1249

Mitre link : CVE-2022-1249

CVE.ORG link : CVE-2022-1249

JSON object : View

Products Affected

pesign_project

pesign

CWE

CWE-476

NULL Pointer Dereference

{"id": "CVE-2022-1249", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.8}]}, "published": "2022-04-29T16:15:08.807", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2065771", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-476"}]}, {"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "A NULL pointer dereference flaw was found in pesign's cms_set_pw_data() function of the cms_common.c file. The function fails to handle the NULL pwdata invocation from daemon.c, which leads to an explicit NULL dereference and crash on all attempts to daemonize pesign."}, {"lang": "es", "value": "Se ha encontrado un fallo de desreferencia de puntero NULL en la funci\u00f3n cms_set_pw_data() del archivo cms_common.c de pesign. La funci\u00f3n falla al manejar la invocaci\u00f3n de NULL pwdata desde el archivo daemon.c, lo que conlleva a una desreferencia de NULL expl\u00edcita y un bloqueo en todos los intentos de demonizaci\u00f3n de pesign"}], "lastModified": "2022-05-11T15:18:34.363", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pesign_project:pesign:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6CF9B19-C930-4FD7-92B2-ADB85455ABF9", "versionEndExcluding": "115"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}