CVE-2022-1249

Опубликовано: 08 мар. 2022

Источник: redhat

CVSS3: 4

EPSS Низкий

Описание

A NULL pointer dereference flaw was found in pesign's cms_set_pw_data() function of the cms_common.c file. The function fails to handle the NULL pwdata invocation from daemon.c, which leads to an explicit NULL dereference and crash on all attempts to daemonize pesign.

Отчет

Red Hat Enterprise Linux 7, 8, and 9 are not affected, because vulnerable code is introduced upstream with pesign v114, whereas, Red Hat ships pesign v113 and lower. Red Hat Product Security has rated this issue as having a Low security impact. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 7	pesign	Not affected
Red Hat Enterprise Linux 8	pesign	Not affected
Red Hat Enterprise Linux 9	pesign	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-476

https://bugzilla.redhat.com/show_bug.cgi?id=2065771pesign: NULL pointer dereference in cms_set_pw_data()

EPSS

Процентиль: 34%

0.0014

Низкий

4 Medium

CVSS3

Связанные уязвимости

CVE-2022-1249

CVSS3: 3.3

ubuntu

почти 4 года назад

CVE-2022-1249

CVSS3: 3.3

nvd

почти 4 года назад

CVE-2022-1249

CVSS3: 3.3

msrc

4 месяца назад

CVE-2022-1249

CVSS3: 3.3

debian

почти 4 года назад

A NULL pointer dereference flaw was found in pesign's cms_set_pw_data( ...

GHSA-3xpm-4m85-6353

CVSS3: 3.3

github

почти 4 года назад

EPSS

Процентиль: 34%

0.0014

Низкий

4 Medium

CVSS3