CVE-2020-25843
8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
NHIServiSignAdapter fails to verify the length of digital credential files’ path which leads to a heap overflow loophole. Remote attackers can use the leak to execute code without privilege.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| CHANGING Inc. | NHIServiSignAdapter | 1.0.20.0218 | affected |
Weaknesses
- CWE-122: CWE-122 Heap-based Buffer Overflow
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.