NHI’s health insurance web service component has insufficient validation for input string length, which can result in heap-based buffer overflow attack. A remote attacker can exploit this vulnerability to flood the memory space reserved for the program, in order to terminate service without authentication, which requires a system restart to recover service.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.twcert.org.tw/tw/cp-132-6227-eaf49-1.html |
History
No history.
MITRE
Status: PUBLISHED
Assigner: twcert
Published: 2022-06-20T05:30:26.758725Z
Updated: 2024-09-17T04:04:01.665Z
Reserved: 2021-12-29T00:00:00
Link: CVE-2021-45918
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-06-20T06:15:08.503
Modified: 2023-06-26T17:49:23.250
Link: CVE-2021-45918
Redhat
No data.