go to Content
:::

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

:::
Date:
Font-stze:

HiCOS Citizen verification component - Stack Buffer Overflow

TVN ID TVN-202207006
CVE ID CVE-2022-35222
CVSS 6.8 (Medium)
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products Linux: libHicos_p11v1.so CHT PKCS#11 3.0.3.30306
Windows: HiCOSPKCS11.dll CHT PKCS#11 3.1.0.00002
macOS: libHicos_p11v1.dylib CHT PKCS#11 3.0.3.30404
Description HiCOS Citizen verification component has a stack-based buffer overflow vulnerability due to insufficient parameter length validation. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system command or disrupt service.
Solution Download the latest version from MOICA內政部憑證管理中心官網(https://moica.nat.gov.tw/rac_plugin.html)
Credit how2hack (CCoE)
Public Date 2022-07-29

Links

  1. CVE-2022-35222
  2. MOICA內政部憑證管理中心官網
Top