exploitDog

CVE-2022-35219

Опубликовано: 02 авг. 2022

Источник: nvd

CVSS3: 5.5

EPSS Низкий

Описание

The NHI card’s web service component has a stack-based buffer overflow vulnerability due to insufficient validation for network packet key parameter. A LAN attacker with general user privilege can exploit this vulnerability to disrupt service.

Ссылки

https://www.twcert.org.tw/tw/cp-132-6355-3bdab-1.html
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-6355-3bdab-1.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:nhi:health_insurance_web_service_component:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 15%

0.00047

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-787

CWE-770

Связанные уязвимости

GHSA-xgxg-3wg9-5qvg

CVSS3: 5.5

github

больше 3 лет назад

The NHI card’s web service component has a stack-based buffer overflow vulnerability due to insufficient validation for network packet key parameter. A LAN attacker with general user privilege can exploit this vulnerability to disrupt service.

EPSS

Процентиль: 15%

0.00047

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-787

CWE-770