CVE-2021-37786

MEDIUM

BAG Covid Certificate < 2.2.0 - Improper Exception Handling

Title source: rule

Description

Certain Federal Office of Information Technology Systems and Telecommunication FOITT products are affected by improper handling of exceptional conditions. This affects COVID Certificate App IOS 2.2.0 and below affected, patch in progress and COVID Certificate Check App IOS 2.2.0 and below affected, patch in progress. A denial of service (physically proximate) could be caused by scanning a crafted QR code.

References (1)

[Exploit, Issue Tracking, Third Party Advisory] https://github.com/admin-ch/CovidCertificate-App-iOS/issues/146

Scores

CVSS v3 4.6

EPSS 0.0003

EPSS Percentile 8.3%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-755

Status published

Affected Products (1)

bag/covid_certificate < 2.2.0

Timeline

Published Sep 27, 2021

Tracked Since Feb 18, 2026