2065771 – (CVE-2022-1249) CVE-2022-1249 pesign: NULL pointer dereference in cms_set_pw_data()

Bug 2065771 (CVE-2022-1249) - CVE-2022-1249 pesign: NULL pointer dereference in cms_set_pw_data()

Summary: CVE-2022-1249 pesign: NULL pointer dereference in cms_set_pw_data()

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2022-1249
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2065772
Blocks:	2065773 2072393
TreeView+	depends on / blocked

Reported:	2022-03-18 17:12 UTC by Pedro Sampaio
Modified:	2022-04-07 09:20 UTC (History)
CC List:	5 users (show)
Fixed In Version:	pesign 115
Doc Type:	If docs needed, set a value
Doc Text:	A NULL pointer dereference flaw was found in pesign's cms_set_pw_data() function of the cms_common.c file. The function fails to handle the NULL pwdata invocation from daemon.c, which leads to an explicit NULL dereference and crash on all attempts to daemonize pesign.
Clone Of:
Environment:
Last Closed:	2022-03-25 13:01:24 UTC
Embargoed:

Attachments	(Terms of Use)

Description Pedro Sampaio 2022-03-18 17:12:13 UTC

A flaw was found in pesign. The cms_set_pw_data function didn't handle the NULL pwdata invocation from daemon.c.  This leads to a explicit NULL dereference and crash on all attempts to daemonize pesign.

Introducing commit:

https://github.com/frozencemetery/pesign/commit/12f16710ee44ef64ddb044a3523c3c4c4d90039a

Upstream fix:

https://github.com/rhboot/pesign/pull/79

Comment 1 Pedro Sampaio 2022-03-18 17:12:51 UTC

Created pesign tracking bugs for this issue:

Affects: fedora-all [bug 2065772]

Note You need to log in before you can comment on or make changes to this bug.