본문내용 바로가기 메인메뉴 바로가기

하단내용 바로가기

Security Advisory (Korean)

Security Advisory Detail
CVE-2019-12806 | UniSign Buffer Overflow Vulnerability2019.08.13
□ Overview

 o CROSSCERT released security update to address buffer overflow vulnerability in UniSign.

Vulnerability Type

Impact

Severity

CVE ID

Buffer overflow Code execution

High

CVE-2019-12806

 

□ Description

 o UniSign contains a stack-based overflow vulnerability which can overwrite the stack with arbitrary data, due to a buffer overflow in the library. That leads remote attacker to execute arbitrary code via crafted https packets. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page.

 

□ Affected Product

Product

Version

PlatForm

UniSign

2.0.4.0 and prior

Windows


□ Solution

 o Update software over UniSign 2.0.5.0 version

 

□ Reference site

https://www.unisign.co.kr/

 

□ Acknowledgements

 o Thanks to Kiwan Ko for reporting this vulerability