CVE-2022-1249NULL Pointer Dereference in Project Pesign

CWE-476NULL Pointer Dereference7 documents7 sources
Severity
3.3LOWNVD
EPSS
0.1%
top 67.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Pesign Project Pesign
Timeline
PublishedApr 29
Latest updateApr 30

Description

A NULL pointer dereference flaw was found in pesign's cms_set_pw_data() function of the cms_common.c file. The function fails to handle the NULL pwdata invocation from daemon.c, which leads to an explicit NULL dereference and crash on all attempts to daemonize pesign.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5pesign_project/pesignpesign 115

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

3
GHSA
GHSA-3xpm-4m85-6353: A NULL pointer dereference flaw was found in pesign's cms_set_pw_data() function of the cms_common2022-04-30
OSV
CVE-2022-1249: A NULL pointer dereference flaw was found in pesign's cms_set_pw_data() function of the cms_common2022-04-29
CVEList
CVE-2022-1249: A NULL pointer dereference flaw was found in pesign's cms_set_pw_data() function of the cms_common2022-04-29

📋Vendor Advisories

3
Microsoft
A NULL pointer dereference flaw was found in pesign's cms_set_pw_data() function of the cms_common.c file. The function fails to handle the NULL pwdata invocation from daemon.c, which leads to an expl2022-04-12
Red Hat
pesign: NULL pointer dereference in cms_set_pw_data()2022-03-08
Debian
CVE-2022-1249: pesign - A NULL pointer dereference flaw was found in pesign's cms_set_pw_data() function...2022
CVE-2022-1249 — NULL Pointer Dereference | cvebase