CVE-2019-12806 - UniSign 2.0.4.0 and earlier version contains a stack-based buffer overflow vulnerability which can o

CVE-2019-12806

Summary

UniSign 2.0.4.0 and earlier version contains a stack-based buffer overflow vulnerability which can overwrite the stack with arbitrary data, due to a buffer overflow in a library. That leads remote attacker to execute arbitrary code via crafted https packets.

References

https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35111

Vulnerable Configurations

cpe:2.3:a:crosscert:unisign:-:*:*:*:*:*:*:*
cpe:2.3:a:crosscert:unisign:-:*:*:*:*:*:*:*
cpe:2.3:a:crosscert:unisign:2.0.4.0:*:*:*:*:*:*:*
cpe:2.3:a:crosscert:unisign:2.0.4.0:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 06-10-2020 - 14:14)
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

misc

https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35111

Last major update

06-10-2020 - 14:14

Published

13-08-2019 - 20:15

Last modified

06-10-2020 - 14:14