CVE-2021-45918

NHI’s health insurance web service component has insufficient validation for input string length, which can result in heap-based buffer overflow attack. A remote attacker can exploit this vulnerability to flood the memory space reserved for the program, in order to terminate service without authentication, which requires a system restart to recover service.
References
Link Resource
https://www.twcert.org.tw/tw/cp-132-6227-eaf49-1.html Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:nhi:health_insurance_web_service_component:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-06-20 06:15

Updated : 2023-06-26 17:49


NVD link : CVE-2021-45918

Mitre link : CVE-2021-45918

CVE.ORG link : CVE-2021-45918


JSON object : View

Products Affected

nhi

  • health_insurance_web_service_component
CWE
CWE-1284

Improper Validation of Specified Quantity in Input

CWE-122

Heap-based Buffer Overflow