CVE-2022-1249 — LOW (3.3) — White Hats Nepal

Q: How severe is CVE-2022-1249?

CVE-2022-1249 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-1249?

Check the references section above for vendor advisories and patch information. Affected products include: Pesign Project Pesign.

Vulnerability Description

A NULL pointer dereference flaw was found in pesign's cms_set_pw_data() function of the cms_common.c file. The function fails to handle the NULL pwdata invocation from daemon.c, which leads to an explicit NULL dereference and crash on all attempts to daemonize pesign.

CVSS Score

3.3

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

LOW

Affected Products

Vendor	Product	Versions
Pesign Project	Pesign	< 115

Related Weaknesses (CWE)

CWE-476

References

https://bugzilla.redhat.com/show_bug.cgi?id=2065771Issue TrackingPatchThird Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2065771Issue TrackingPatchThird Party Advisory

FAQ

What is CVE-2022-1249?

CVE-2022-1249 is a vulnerability with a CVSS score of 3.3 (LOW). A NULL pointer dereference flaw was found in pesign's cms_set_pw_data() function of the cms_common.c file. The function fails to handle the NULL pwdata invocation from daemon.c, which leads to an expl...

How severe is CVE-2022-1249?

CVE-2022-1249 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-1249?

Check the references section above for vendor advisories and patch information. Affected products include: Pesign Project Pesign.