CVE-2021-45918
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
NHI’s health insurance web service component has insufficient validation for input string length, which can result in heap-based buffer overflow attack. A remote attacker can exploit this vulnerability to flood the memory space reserved for the program, in order to terminate service without authentication, which requires a system restart to recover service.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| NHI | health insurance web service component | 515BE7DE5BCE446177FEE8A6E0665093 | affected |
| NHI | health insurance web service component | 42fcc36541e716e23de77d5f325b186a | affected |
| NHI | health insurance web service component | 52EACB7CA2B4D0A5A869DF01079BF4D6 | affected |
| NHI | health insurance web service component | 52EACB7CA2B4D0A5A869DF01079BF4D6 | affected |
Weaknesses
- CWE-122: CWE-122 Heap-based Buffer Overflow
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.