PT-2022-12468 · Unknown · Nhi'S Health Insurance Web Service
Yu-Hsiang Lin
·
Published
2022-06-20
·
Updated
2023-06-26
·
CVE-2021-45918
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
NHI's health insurance web service component (affected versions not specified)
Description
The issue is related to insufficient validation for input string length in the health insurance web service component, which can lead to a heap-based buffer overflow attack. A remote attacker can exploit this to flood the memory space reserved for the program, terminating the service without authentication. This requires a system restart to recover the service.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Heap Based Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Nhi'S Health Insurance Web Service