Buffer overflow in Nsasoft Spotauditor
CVE-2021-27722
An issue was discovered in Nsasoft US LLC SpotAuditor 5.3.5. The program can be crashed by entering 300 bytes char data into the "Key" or "Name" field while registering.
Vulnerability class: Buffer Overflow
EPSS: 0.007 (48.3th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 5.5 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H.
Affected products
- Nsasoft Spotauditor — versions 5.3.5
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (VDB Entry, Third Party Advisory, x_refsource_MISC, Not Applicable)
- cve@mitre.org (VDB Entry, Third Party Advisory, x_refsource_MISC, Not Applicable)
Frequently asked questions
- What is CVE-2021-27722?
- CVE-2021-27722 is a medium-severity vulnerability in Nsasoft Spotauditor, classified under Buffer Copy without Checking Size of Input (Classic Buffer Overflow). CVSS score: 5.5/10. Published 2021-11-02.
- How severe is CVE-2021-27722?
- Medium severity. CVSS v3 base score is 5.5 out of 10.