Описание
HiCOS’ client-side citizen certificate component has a double free vulnerability. An unauthenticated physical attacker can exploit this vulnerability to corrupt memory and execute arbitrary code, manipulate system data or terminate service.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:hinet:hicos_natural_person_credential_component_client:3.0.3.30306:*:*:*:*:linux:*:*
cpe:2.3:a:hinet:hicos_natural_person_credential_component_client:3.0.3.30404:*:*:*:*:macos:*:*
cpe:2.3:a:hinet:hicos_natural_person_credential_component_client:3.1.0.00002:*:*:*:*:windows:*:*
EPSS
Процентиль: 22%
0.00071
Низкий
6.8 Medium
CVSS3
Дефекты
CWE-415
CWE-415
Связанные уязвимости
CVSS3: 6.8
github
больше 3 лет назад
HiCOS’ client-side citizen certificate component has a double free vulnerability. An unauthenticated physical attacker can exploit this vulnerability to corrupt memory and execute arbitrary code, manipulate system data or terminate service.
EPSS
Процентиль: 22%
0.00071
Низкий
6.8 Medium
CVSS3
Дефекты
CWE-415
CWE-415