{"containers": {"cna": {"affected": [{"platforms": ["Windows"], "product": "health insurance web service component", "vendor": "NHI", "versions": [{"status": "affected", "version": "515BE7DE5BCE446177FEE8A6E0665093"}]}, {"platforms": ["Mac"], "product": "health insurance web service component", "vendor": "NHI", "versions": [{"status": "affected", "version": "42fcc36541e716e23de77d5f325b186a"}]}, {"platforms": ["Linux(Ubuntu)"], "product": "health insurance web service component", "vendor": "NHI", "versions": [{"status": "affected", "version": "52EACB7CA2B4D0A5A869DF01079BF4D6"}]}, {"platforms": ["Linux(Fedora)"], "product": "health insurance web service component", "vendor": "NHI", "versions": [{"status": "affected", "version": "52EACB7CA2B4D0A5A869DF01079BF4D6"}]}], "credits": [{"lang": "en", "value": "Yu-Hsiang Lin"}], "datePublic": "2022-06-20T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "NHI\u2019s health insurance web service component has insufficient validation for input string length, which can result in heap-based buffer overflow attack. A remote attacker can exploit this vulnerability to flood the memory space reserved for the program, in order to terminate service without authentication, which requires a system restart to recover service."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-06-20T05:30:26.000Z", "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.twcert.org.tw/tw/cp-132-6227-eaf49-1.html"}], "solutions": [{"lang": "en", "value": "Download last version"}], "source": {"advisory": "TVN-202112007", "discovery": "EXTERNAL"}, "title": "NHI\u2019s health insurance web service component \u2013 Heap-based Buffer Overflow", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"AKA": "TWCERT/CC", "ASSIGNER": "cve@cert.org.tw", "DATE_PUBLIC": "2022-06-20T05:16:00.000Z", "ID": "CVE-2021-45918", "STATE": "PUBLIC", "TITLE": "NHI\u2019s health insurance web service component \u2013 Heap-based Buffer Overflow"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "health insurance web service component", "version": {"version_data": [{"platform": "Windows", "version_affected": "=", "version_value": "515BE7DE5BCE446177FEE8A6E0665093"}, {"platform": "Mac", "version_affected": "=", "version_value": "42fcc36541e716e23de77d5f325b186a"}, {"platform": "Linux(Ubuntu)", "version_affected": "=", "version_value": "52EACB7CA2B4D0A5A869DF01079BF4D6"}, {"platform": "Linux(Fedora)", "version_affected": "=", "version_value": "52EACB7CA2B4D0A5A869DF01079BF4D6"}]}}]}, "vendor_name": "NHI"}]}}, "credit": [{"lang": "eng", "value": "Yu-Hsiang Lin"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "NHI\u2019s health insurance web service component has insufficient validation for input string length, which can result in heap-based buffer overflow attack. A remote attacker can exploit this vulnerability to flood the memory space reserved for the program, in order to terminate service without authentication, which requires a system restart to recover service."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-122 Heap-based Buffer Overflow"}]}]}, "references": {"reference_data": [{"name": "https://www.twcert.org.tw/tw/cp-132-6227-eaf49-1.html", "refsource": "MISC", "url": "https://www.twcert.org.tw/tw/cp-132-6227-eaf49-1.html"}]}, "solution": [{"lang": "en", "value": "Download last version"}], "source": {"advisory": "TVN-202112007", "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T04:54:31.155Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.twcert.org.tw/tw/cp-132-6227-eaf49-1.html"}]}]}, "cveMetadata": {"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "assignerShortName": "twcert", "cveId": "CVE-2021-45918", "datePublished": "2022-06-20T05:30:26.758Z", "dateReserved": "2021-12-29T00:00:00.000Z", "dateUpdated": "2024-09-17T04:04:01.665Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nhi:health_insurance_web_service_component:-:*:*:*:*:*:*:*", "matchCriteriaId": "0379276F-4782-4249-82EF-A26C6EE14E8B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "NHI\u2019s health insurance web service component has insufficient validation for input string length, which can result in heap-based buffer overflow attack. A remote attacker can exploit this vulnerability to flood the memory space reserved for the program, in order to terminate service without authentication, which requires a system restart to recover service."}, {"lang": "es", "value": "El componente del servicio web del seguro de salud de NHI no comprueba suficientemente la longitud de las cadenas de entrada, lo que puede resultar en un ataque de desbordamiento del b\u00fafer en la regi\u00f3n heap de la memoria. Un atacante remoto puede explotar esta vulnerabilidad para inundar el espacio de memoria reservado para el programa, con el fin de interrumpir el servicio sin autenticaci\u00f3n, lo que requiere un reinicio del sistema para recuperar el servicio"}], "id": "CVE-2021-45918", "lastModified": "2024-11-21T06:33:16.403", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "twcert@cert.org.tw", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-06-20T06:15:08.503", "references": [{"source": "twcert@cert.org.tw", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-6227-eaf49-1.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-6227-eaf49-1.html"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "twcert@cert.org.tw", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-1284"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}