Vulnerabilities > CVE-2021-45918 - Improper Validation of Specified Quantity in Input vulnerability in NHI Health Insurance web Service Component

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

nhi

CWE-1284

NVD

Published: 2022-06-20

Updated: 2023-06-26

Summary

NHI’s health insurance web service component has insufficient validation for input string length, which can result in heap-based buffer overflow attack. A remote attacker can exploit this vulnerability to flood the memory space reserved for the program, in order to terminate service without authentication, which requires a system restart to recover service.

Vulnerable Configurations

Part	Description	Count
Application	Nhi NHI Health Insurance WEB Service Component -	1

Common Weakness Enumeration (CWE)

CWE-1284 - Improper Validation of Specified Quantity in Input

References

https://www.twcert.org.tw/tw/cp-132-6227-eaf49-1.html