CVE-2022-35222: HiCOS Citizen verification component - Stack Buffer Overflow

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-35222

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

HiCOS Citizen verification component - Stack Buffer Overflow

Source: NVD (National Vulnerability Database)

Vulnerability Description

HiCOS Citizen verification component has a stack-based buffer overflow vulnerability due to insufficient parameter length validation. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system command or disrupt service.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

跨界内存写

Source: NVD (National Vulnerability Database)

Vulnerability Title

HICOS 缓冲区错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

HICOS是中国MOICA的一种提供 IC 卡之凭证注册至作业系统的工具。 HICOS 存在缓冲区错误漏洞，该漏洞源于其公民验证组件由于参数长度验证不足导致未经身份验证的攻击者可以利用此漏洞执行任意代码、执行系统命令或中断服务。以下版本受到影响：基于Linux平台的libHicos_p11v1.so CHT PKCS#11 3.0.3.30306、基于Windows平台的HiCOSPKCS11.dll CHT PKCS#11 3.1.0.00002、基于macOS平台的libHicos_p11v1.dyl

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE
HINET	HiCOS Citizen verification component - Stack Buffer Overflow	libHicos_p11v1.so CHT PKCS#11 3.0.3.30306	-
HINET	HiCOS Citizen verification component - Stack Buffer Overflow	HiCOSPKCS11.dll CHT PKCS#11 3.1.0.00002	-
HINET	HiCOS Citizen verification component - Stack Buffer Overflow	libHicos_p11v1.dylib CHT PKCS#11 3.0.3.30404	-

II. Public POCs for CVE-2022-35222

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2022-35222

Please Login to view more intelligence information

IV. Related Vulnerabilities

Same vendor: HINET

Same weakness: CWE-787

V. Comments for CVE-2022-35222

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2022-35222

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2022-35222

III. Intelligence Information for CVE-2022-35222

IV. Related Vulnerabilities

V. Comments for CVE-2022-35222

Leave a comment