Pesign Project Pesign vulnerabilities
2 known vulnerabilities affecting pesign_project/pesign.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM1LOW1
Vulnerabilities
Page 1 of 1
CVE-2022-3560MEDIUMCVSS 5.5fixed in 116vAll versions up to pesign-1152023-02-02
CVE-2022-3560 [MEDIUM] CWE-22 CVE-2022-3560: A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign d
A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign' group. However, the script doesn't check for symbolic links. This could allow an attacker to gain acces
cvelistv5nvdosv
CVE-2022-1249LOWCVSS 3.3fixed in 115vpesign 1152022-04-29
CVE-2022-1249 [LOW] CWE-476 CVE-2022-1249: A NULL pointer dereference flaw was found in pesign's cms_set_pw_data() function of the cms_common.c
A NULL pointer dereference flaw was found in pesign's cms_set_pw_data() function of the cms_common.c file. The function fails to handle the NULL pwdata invocation from daemon.c, which leads to an explicit NULL dereference and crash on all attempts to daemonize pesign.
cvelistv5nvd