CVE-2022-35217

Summary

The NHI card’s web service component has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. A local area network attacker with general user privilege can exploit this vulnerability to execute arbitrary code, manipulate system command or disrupt service.

Affected Software

VendorProductVersion RangeStatus
NHIcard’s web service componentdae0509e5aabde2f110ce8418af67cf7affected

Weaknesses

  • CWE-787: CWE-787 Out-of-bounds Write

ADP Enrichment

CVE Program Container

Additional References

References