CVE-2019-12806 Information

Description

UniSign 2.0.4.0 and earlier version contains a stack-based buffer overflow vulnerability which can overwrite the stack with arbitrary data due to a buffer overflow in a library. That leads remote attacker to execute arbitrary code via crafted https packets.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Reference

https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35111

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.8