漏洞标题
HiCOS’客户端公民数字证书 - 栈缓冲区溢出
漏洞描述信息
HiCOS的客户端公民数字证书 - 栈缓冲区溢出
CVSS信息
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
HiCOS’ client-side citizen digital certificate - Stack Buffer Overflow
漏洞描述信息
HICOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for token information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service.
CVSS信息
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
漏洞类别
跨界内存写
漏洞标题
Hicos Citizen Certificate Client-side Component 缓冲区错误漏洞
漏洞描述信息
Hicos Citizen Certificate Client-side Component是一个公民证书客户端组件。 Hicos Citizen Certificate Client-side Component 存在安全漏洞,该漏洞源于token信息的参数长度验证不足,未经身份验证的攻击者利用此漏洞可以执行任意代码、操作系统数据或终止服务。
CVSS信息
N/A
漏洞类别
缓冲区错误