CVE-2022-1249

A NULL pointer dereference flaw was found in pesign's cms_set_pw_data() function of the cms_common.c file. The function fails to handle the NULL pwdata invocation from daemon.c, which leads to an explicit NULL dereference and crash on all attempts to daemonize pesign.

Published: Apr 29, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-1249
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 3.3
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-476

Affected Software
References

Software	From	Fixed in
pesign_project / pesign	-	115

https://bugzilla.redhat.com/show_bug.cgi?id=2065771

Vulnerability Database

CVE-2022-1249