AZL-9655

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-9655.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-9655

Upstream

CVE-2022-1249

Published

2022-04-29T16:15:08Z

Modified

2026-04-21T04:35:06.343397Z

Severity

3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Summary

CVE-2022-1249 affecting package pesign 0.112-32

Details

A NULL pointer dereference flaw was found in pesign's cmssetpwdata() function of the cmscommon.c file. The function fails to handle the NULL pwdata invocation from daemon.c, which leads to an explicit NULL dereference and crash on all attempts to daemonize pesign.

References

https://nvd.nist.gov/vuln/detail/CVE-2022-1249

Affected packages

Azure Linux:2 / pesign

Package

Name: pesign
Purl: pkg:rpm/azure-linux/pesign

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

0.112-32

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-9655.json"