Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for card’s web service component by NHI

    CVE-2022-35219 (GCVE-0-2022-35219)

    Vulnerability from nvd – Published: 2022-08-02 15:20 – Updated: 2024-09-16 23:51
    VLAI
    Title
    NHI card’s web service component - Stack-based Buffer Overflow-2
    Summary
    The NHI card’s web service component has a stack-based buffer overflow vulnerability due to insufficient validation for network packet key parameter. A LAN attacker with general user privilege can exploit this vulnerability to disrupt service.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    NHI card’s web service component Affected: dae0509e5aabde2f110ce8418af67cf7
    Create a notification for this product.
    Date Public
    2022-07-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T09:29:17.464Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/tw/cp-132-6355-3bdab-1.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Windows"
              ],
              "product": "card\u2019s web service component",
              "vendor": "NHI",
              "versions": [
                {
                  "status": "affected",
                  "version": "dae0509e5aabde2f110ce8418af67cf7"
                }
              ]
            }
          ],
          "datePublic": "2022-07-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The NHI card\u2019s web service component has a stack-based buffer overflow vulnerability due to insufficient validation for network packet key parameter. A LAN attacker with general user privilege can exploit this vulnerability to disrupt service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-02T15:20:19.000Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-6355-3bdab-1.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Download the latest version"
            }
          ],
          "source": {
            "advisory": "TVN-202207003",
            "discovery": "EXTERNAL"
          },
          "title": "NHI card\u2019s web service component - Stack-based Buffer Overflow-2",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "TWCERT/CC",
              "ASSIGNER": "cve@cert.org.tw",
              "DATE_PUBLIC": "2022-07-29T06:33:00.000Z",
              "ID": "CVE-2022-35219",
              "STATE": "PUBLIC",
              "TITLE": "NHI card\u2019s web service component - Stack-based Buffer Overflow-2"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "card\u2019s web service component",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Windows",
                                "version_affected": "=",
                                "version_value": "dae0509e5aabde2f110ce8418af67cf7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NHI"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The NHI card\u2019s web service component has a stack-based buffer overflow vulnerability due to insufficient validation for network packet key parameter. A LAN attacker with general user privilege can exploit this vulnerability to disrupt service."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-787 Out-of-bounds Write"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.twcert.org.tw/tw/cp-132-6355-3bdab-1.html",
                  "refsource": "MISC",
                  "url": "https://www.twcert.org.tw/tw/cp-132-6355-3bdab-1.html"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Download the latest version"
              }
            ],
            "source": {
              "advisory": "TVN-202207003",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2022-35219",
        "datePublished": "2022-08-02T15:20:19.164Z",
        "dateReserved": "2022-07-05T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:51:28.770Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-35218 (GCVE-0-2022-35218)

    Vulnerability from nvd – Published: 2022-08-02 15:20 – Updated: 2024-09-16 19:15
    VLAI
    Title
    NHI card’s web service component - Heap-based Buffer Overflow
    Summary
    The NHI card’s web service component has a heap-based buffer overflow vulnerability due to insufficient validation for packet origin parameter length. A LAN attacker with general user privilege can exploit this vulnerability to disrupt service.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    NHI card’s web service component Affected: dae0509e5aabde2f110ce8418af67cf7
    Create a notification for this product.
    Date Public
    2022-07-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T09:29:17.383Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/tw/cp-132-6354-1cf61-1.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Windows"
              ],
              "product": "card\u2019s web service component",
              "vendor": "NHI",
              "versions": [
                {
                  "status": "affected",
                  "version": "dae0509e5aabde2f110ce8418af67cf7"
                }
              ]
            }
          ],
          "datePublic": "2022-07-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The NHI card\u2019s web service component has a heap-based buffer overflow vulnerability due to insufficient validation for packet origin parameter length. A LAN attacker with general user privilege can exploit this vulnerability to disrupt service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-02T15:20:04.000Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-6354-1cf61-1.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Download the latest version"
            }
          ],
          "source": {
            "advisory": "TVN-202207002",
            "discovery": "EXTERNAL"
          },
          "title": "NHI card\u2019s web service component - Heap-based Buffer Overflow",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "TWCERT/CC",
              "ASSIGNER": "cve@cert.org.tw",
              "DATE_PUBLIC": "2022-07-29T06:33:00.000Z",
              "ID": "CVE-2022-35218",
              "STATE": "PUBLIC",
              "TITLE": "NHI card\u2019s web service component - Heap-based Buffer Overflow"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "card\u2019s web service component",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Windows",
                                "version_affected": "=",
                                "version_value": "dae0509e5aabde2f110ce8418af67cf7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NHI"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The NHI card\u2019s web service component has a heap-based buffer overflow vulnerability due to insufficient validation for packet origin parameter length. A LAN attacker with general user privilege can exploit this vulnerability to disrupt service."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-787 Out-of-bounds Write"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.twcert.org.tw/tw/cp-132-6354-1cf61-1.html",
                  "refsource": "MISC",
                  "url": "https://www.twcert.org.tw/tw/cp-132-6354-1cf61-1.html"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Download the latest version"
              }
            ],
            "source": {
              "advisory": "TVN-202207002",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2022-35218",
        "datePublished": "2022-08-02T15:20:04.675Z",
        "dateReserved": "2022-07-05T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:15:40.514Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-35217 (GCVE-0-2022-35217)

    Vulnerability from nvd – Published: 2022-08-02 02:55 – Updated: 2024-09-16 20:53
    VLAI
    Title
    NHI card’s web service component - Stack-based Buffer Overflow-1
    Summary
    The NHI card’s web service component has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. A local area network attacker with general user privilege can exploit this vulnerability to execute arbitrary code, manipulate system command or disrupt service.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    NHI card’s web service component Affected: dae0509e5aabde2f110ce8418af67cf7
    Create a notification for this product.
    Date Public
    2022-07-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T09:29:17.401Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/tw/cp-132-6353-31470-1.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Windows"
              ],
              "product": "card\u2019s web service component",
              "vendor": "NHI",
              "versions": [
                {
                  "status": "affected",
                  "version": "dae0509e5aabde2f110ce8418af67cf7"
                }
              ]
            }
          ],
          "datePublic": "2022-07-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The NHI card\u2019s web service component has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. A local area network attacker with general user privilege can exploit this vulnerability to execute arbitrary code, manipulate system command or disrupt service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-02T02:55:28.000Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-6353-31470-1.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Download the latest version"
            }
          ],
          "source": {
            "advisory": "TVN-202207001",
            "discovery": "EXTERNAL"
          },
          "title": "NHI card\u2019s web service component - Stack-based Buffer Overflow-1",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "TWCERT/CC",
              "ASSIGNER": "cve@cert.org.tw",
              "DATE_PUBLIC": "2022-07-29T06:33:00.000Z",
              "ID": "CVE-2022-35217",
              "STATE": "PUBLIC",
              "TITLE": "NHI card\u2019s web service component - Stack-based Buffer Overflow-1"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "card\u2019s web service component",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Windows",
                                "version_affected": "=",
                                "version_value": "dae0509e5aabde2f110ce8418af67cf7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NHI"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The NHI card\u2019s web service component has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. A local area network attacker with general user privilege can exploit this vulnerability to execute arbitrary code, manipulate system command or disrupt service."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-787 Out-of-bounds Write"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.twcert.org.tw/tw/cp-132-6353-31470-1.html",
                  "refsource": "MISC",
                  "url": "https://www.twcert.org.tw/tw/cp-132-6353-31470-1.html"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Download the latest version"
              }
            ],
            "source": {
              "advisory": "TVN-202207001",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2022-35217",
        "datePublished": "2022-08-02T02:55:28.143Z",
        "dateReserved": "2022-07-05T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:53:13.282Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-35219 (GCVE-0-2022-35219)

    Vulnerability from cvelistv5 – Published: 2022-08-02 15:20 – Updated: 2024-09-16 23:51
    VLAI
    Title
    NHI card’s web service component - Stack-based Buffer Overflow-2
    Summary
    The NHI card’s web service component has a stack-based buffer overflow vulnerability due to insufficient validation for network packet key parameter. A LAN attacker with general user privilege can exploit this vulnerability to disrupt service.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    NHI card’s web service component Affected: dae0509e5aabde2f110ce8418af67cf7
    Create a notification for this product.
    Date Public
    2022-07-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T09:29:17.464Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/tw/cp-132-6355-3bdab-1.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Windows"
              ],
              "product": "card\u2019s web service component",
              "vendor": "NHI",
              "versions": [
                {
                  "status": "affected",
                  "version": "dae0509e5aabde2f110ce8418af67cf7"
                }
              ]
            }
          ],
          "datePublic": "2022-07-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The NHI card\u2019s web service component has a stack-based buffer overflow vulnerability due to insufficient validation for network packet key parameter. A LAN attacker with general user privilege can exploit this vulnerability to disrupt service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-02T15:20:19.000Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-6355-3bdab-1.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Download the latest version"
            }
          ],
          "source": {
            "advisory": "TVN-202207003",
            "discovery": "EXTERNAL"
          },
          "title": "NHI card\u2019s web service component - Stack-based Buffer Overflow-2",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "TWCERT/CC",
              "ASSIGNER": "cve@cert.org.tw",
              "DATE_PUBLIC": "2022-07-29T06:33:00.000Z",
              "ID": "CVE-2022-35219",
              "STATE": "PUBLIC",
              "TITLE": "NHI card\u2019s web service component - Stack-based Buffer Overflow-2"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "card\u2019s web service component",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Windows",
                                "version_affected": "=",
                                "version_value": "dae0509e5aabde2f110ce8418af67cf7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NHI"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The NHI card\u2019s web service component has a stack-based buffer overflow vulnerability due to insufficient validation for network packet key parameter. A LAN attacker with general user privilege can exploit this vulnerability to disrupt service."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-787 Out-of-bounds Write"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.twcert.org.tw/tw/cp-132-6355-3bdab-1.html",
                  "refsource": "MISC",
                  "url": "https://www.twcert.org.tw/tw/cp-132-6355-3bdab-1.html"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Download the latest version"
              }
            ],
            "source": {
              "advisory": "TVN-202207003",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2022-35219",
        "datePublished": "2022-08-02T15:20:19.164Z",
        "dateReserved": "2022-07-05T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:51:28.770Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-35218 (GCVE-0-2022-35218)

    Vulnerability from cvelistv5 – Published: 2022-08-02 15:20 – Updated: 2024-09-16 19:15
    VLAI
    Title
    NHI card’s web service component - Heap-based Buffer Overflow
    Summary
    The NHI card’s web service component has a heap-based buffer overflow vulnerability due to insufficient validation for packet origin parameter length. A LAN attacker with general user privilege can exploit this vulnerability to disrupt service.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    NHI card’s web service component Affected: dae0509e5aabde2f110ce8418af67cf7
    Create a notification for this product.
    Date Public
    2022-07-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T09:29:17.383Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/tw/cp-132-6354-1cf61-1.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Windows"
              ],
              "product": "card\u2019s web service component",
              "vendor": "NHI",
              "versions": [
                {
                  "status": "affected",
                  "version": "dae0509e5aabde2f110ce8418af67cf7"
                }
              ]
            }
          ],
          "datePublic": "2022-07-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The NHI card\u2019s web service component has a heap-based buffer overflow vulnerability due to insufficient validation for packet origin parameter length. A LAN attacker with general user privilege can exploit this vulnerability to disrupt service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-02T15:20:04.000Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-6354-1cf61-1.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Download the latest version"
            }
          ],
          "source": {
            "advisory": "TVN-202207002",
            "discovery": "EXTERNAL"
          },
          "title": "NHI card\u2019s web service component - Heap-based Buffer Overflow",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "TWCERT/CC",
              "ASSIGNER": "cve@cert.org.tw",
              "DATE_PUBLIC": "2022-07-29T06:33:00.000Z",
              "ID": "CVE-2022-35218",
              "STATE": "PUBLIC",
              "TITLE": "NHI card\u2019s web service component - Heap-based Buffer Overflow"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "card\u2019s web service component",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Windows",
                                "version_affected": "=",
                                "version_value": "dae0509e5aabde2f110ce8418af67cf7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NHI"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The NHI card\u2019s web service component has a heap-based buffer overflow vulnerability due to insufficient validation for packet origin parameter length. A LAN attacker with general user privilege can exploit this vulnerability to disrupt service."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-787 Out-of-bounds Write"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.twcert.org.tw/tw/cp-132-6354-1cf61-1.html",
                  "refsource": "MISC",
                  "url": "https://www.twcert.org.tw/tw/cp-132-6354-1cf61-1.html"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Download the latest version"
              }
            ],
            "source": {
              "advisory": "TVN-202207002",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2022-35218",
        "datePublished": "2022-08-02T15:20:04.675Z",
        "dateReserved": "2022-07-05T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:15:40.514Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-35217 (GCVE-0-2022-35217)

    Vulnerability from cvelistv5 – Published: 2022-08-02 02:55 – Updated: 2024-09-16 20:53
    VLAI
    Title
    NHI card’s web service component - Stack-based Buffer Overflow-1
    Summary
    The NHI card’s web service component has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. A local area network attacker with general user privilege can exploit this vulnerability to execute arbitrary code, manipulate system command or disrupt service.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    NHI card’s web service component Affected: dae0509e5aabde2f110ce8418af67cf7
    Create a notification for this product.
    Date Public
    2022-07-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T09:29:17.401Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/tw/cp-132-6353-31470-1.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Windows"
              ],
              "product": "card\u2019s web service component",
              "vendor": "NHI",
              "versions": [
                {
                  "status": "affected",
                  "version": "dae0509e5aabde2f110ce8418af67cf7"
                }
              ]
            }
          ],
          "datePublic": "2022-07-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The NHI card\u2019s web service component has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. A local area network attacker with general user privilege can exploit this vulnerability to execute arbitrary code, manipulate system command or disrupt service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-02T02:55:28.000Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-6353-31470-1.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Download the latest version"
            }
          ],
          "source": {
            "advisory": "TVN-202207001",
            "discovery": "EXTERNAL"
          },
          "title": "NHI card\u2019s web service component - Stack-based Buffer Overflow-1",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "TWCERT/CC",
              "ASSIGNER": "cve@cert.org.tw",
              "DATE_PUBLIC": "2022-07-29T06:33:00.000Z",
              "ID": "CVE-2022-35217",
              "STATE": "PUBLIC",
              "TITLE": "NHI card\u2019s web service component - Stack-based Buffer Overflow-1"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "card\u2019s web service component",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Windows",
                                "version_affected": "=",
                                "version_value": "dae0509e5aabde2f110ce8418af67cf7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NHI"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The NHI card\u2019s web service component has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. A local area network attacker with general user privilege can exploit this vulnerability to execute arbitrary code, manipulate system command or disrupt service."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-787 Out-of-bounds Write"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.twcert.org.tw/tw/cp-132-6353-31470-1.html",
                  "refsource": "MISC",
                  "url": "https://www.twcert.org.tw/tw/cp-132-6353-31470-1.html"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Download the latest version"
              }
            ],
            "source": {
              "advisory": "TVN-202207001",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2022-35217",
        "datePublished": "2022-08-02T02:55:28.143Z",
        "dateReserved": "2022-07-05T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:53:13.282Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }