What the vulnerability does

01Description

A NULL pointer dereference flaw was found in pesign's cms_set_pw_data() function of the cms_common.c file. The function fails to handle the NULL pwdata invocation from daemon.c, which leads to an explicit NULL dereference and crash on all attempts to daemonize pesign.

Key dates

02Disclosure timeline

April 29, 2022 CVE published
August 2, 2024 Record updated