CVE-2021-45918

Summary

NHI’s health insurance web service component has insufficient validation for input string length, which can result in heap-based buffer overflow attack. A remote attacker can exploit this vulnerability to flood the memory space reserved for the program, in order to terminate service without authentication, which requires a system restart to recover service.

Affected Software

VendorProductVersion RangeStatus
NHIhealth insurance web service component515BE7DE5BCE446177FEE8A6E0665093affected
NHIhealth insurance web service component42fcc36541e716e23de77d5f325b186aaffected
NHIhealth insurance web service component52EACB7CA2B4D0A5A869DF01079BF4D6affected
NHIhealth insurance web service component52EACB7CA2B4D0A5A869DF01079BF4D6affected

Weaknesses

  • CWE-122: CWE-122 Heap-based Buffer Overflow

ADP Enrichment

CVE Program Container

Additional References

References