CVE-2021-47815
BaseFortify
Publication date: 2026-01-16
Last updated on: 2026-05-01
Assigner: VulnCheck
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nsasoft | nsauditor | up to 3.2.7 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2021-47815 is a denial of service vulnerability in Nsauditor version 3.2.3. It occurs because the application does not properly handle a large input buffer in the registration code input field. Specifically, if an attacker pastes a string of 256 repeated characters into the 'Key' field of the registration dialog, it causes the application to crash or become unresponsive, resulting in a denial of service. [1, 2]
How can this vulnerability impact me?
This vulnerability can impact you by causing the Nsauditor application to crash or become unresponsive when a specially crafted input is entered in the registration code field. This results in a denial of service, potentially disrupting your ability to use the application until it is restarted. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to reproduce the denial of service condition on the affected application. Specifically, you can test by launching Nsauditor version 3.2.3, navigating to Register > Enter Registration Code, entering any value in the 'Name' field, and then pasting a string of 256 repeated characters (e.g., 256 'A's) into the 'Key' field. If the application crashes or becomes unresponsive, the vulnerability is present. There are no specific network commands mentioned for detection, but this manual test on the application itself is the suggested method. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps are not explicitly detailed in the provided resources. However, as this is a denial of service vulnerability triggered by inputting a large buffer into the 'Key' field, immediate steps could include restricting access to the application to trusted users only, avoiding pasting or entering unusually long registration keys, and monitoring for crashes. Applying patches or updates from the vendor is recommended once they are available.