CVE-2020-25844

Summary

The digest generation function of NHIServiSignAdapter has not been verified for parameter’s length, which leads to a stack overflow loophole. Remote attackers can use the leak to execute code without privilege.

Affected Software

VendorProductVersion RangeStatus
CHANGING Inc.NHIServiSignAdapter1.0.20.0218affected

Weaknesses

  • CWE-121: CWE-121 Stack-based Buffer Overflow

ADP Enrichment

CVE Program Container

Additional References

References