CVE-2020-25843

Summary

NHIServiSignAdapter fails to verify the length of digital credential files’ path which leads to a heap overflow loophole. Remote attackers can use the leak to execute code without privilege.

Affected Software

VendorProductVersion RangeStatus
CHANGING Inc.NHIServiSignAdapter1.0.20.0218affected

Weaknesses

  • CWE-122: CWE-122 Heap-based Buffer Overflow

ADP Enrichment

CVE Program Container

Additional References

References