Nhi: Security Vulnerabilities
The NHI card’s web service component has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. A local area network attacker with general user privilege can exploit this vulnerability to execute arbitrary code, manipulate system command or disrupt service.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-08-02
The NHI card’s web service component has a heap-based buffer overflow vulnerability due to insufficient validation for packet origin parameter length. A LAN attacker with general user privilege can exploit this vulnerability to disrupt service.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-08-02
The NHI card’s web service component has a stack-based buffer overflow vulnerability due to insufficient validation for network packet key parameter. A LAN attacker with general user privilege can exploit this vulnerability to disrupt service.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-08-02
NHI’s health insurance web service component has insufficient validation for input string length, which can result in heap-based buffer overflow attack. A remote attacker can exploit this vulnerability to flood the memory space reserved for the program, in order to terminate service without authentication, which requires a system restart to recover service.
CVSS Score
7.5
EPSS Score
0.007
Published
2022-06-20