| TVN ID | TVN-202112007 |
|---|---|
| CVE ID | CVE-2021-45918 |
| CVSS | 7.5 (High) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Affected Products | NHI’s health insurance web service component - MD5 HASH: Windows: Setup.zip MD5:515BE7DE5BCE446177FEE8A6E0665093 Mac: NHI.Card.Mac.pkg.zip MD5: 42fcc36541e716e23de77d5f325b186a Linux(Ubuntu): mLNHIICC_Setup.Ubuntu.zip MD5: 52EACB7CA2B4D0A5A869DF01079BF4D6 Linux(Fedora): mLNHIICC_Setup.fedora.zip MD5: 52EACB7CA2B4D0A5A869DF01079BF4D6 |
| Description | NHI’s health insurance web service component has insufficient validation for input string length, which can result in heap-based buffer overflow attack. A remote attacker can exploit this vulnerability to flood the memory space reserved for the program, in order to terminate service without authentication, which requires a system restart to recover service. |
| Solution | Download last version |
| Credit | Yu-Hsiang Lin |
| Public Date | 2022-06-20 |
:::