CVE-2021-47895
Unknown Unknown - Not Provided
Buffer Overflow in Nsauditor 3.2.2.0 Causes Denial of Service

Publication date: 2026-01-23

Last updated on: 2026-02-11

Assigner: VulnCheck

Description
Nsauditor 3.2.2.0 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Event Description field with a large buffer. Attackers can generate a 10,000-character 'U' buffer and paste it into the Event Description field to trigger an application crash.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-23
Last Modified
2026-02-11
Generated
2026-06-16
AI Q&A
2026-01-23
EPSS Evaluated
2026-06-15
NVD
CVE-2021-47895
EUVD
EUVD-2026-4294
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
nsasoft nsauditor 3.2.2.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-770 The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2021-47895 is a Denial of Service (DoS) vulnerability in Nsauditor version 3.2.2.0. It occurs because the application does not limit the size of input in the Event Description field. An attacker can paste a very large buffer (for example, 10,000 characters of 'U') into this field, which causes the application to crash or become unresponsive. [1, 2]

Impact Analysis

This vulnerability can cause the Nsauditor application to crash or become unresponsive, resulting in a denial of service. This means legitimate users may be unable to use the application while it is crashed, potentially disrupting security event monitoring or other functions provided by the software. [1, 2]

Detection Guidance

This vulnerability can be detected by attempting to reproduce the denial of service condition on the Nsauditor 3.2.2.0 application. Specifically, create a large buffer of 10,000 'U' characters (for example, using a Python script to generate a text file with this content), then copy and paste this buffer into the Event Description field within the Security Events configuration of the application. If the application crashes or becomes unresponsive, the vulnerability is present. There are no specific network detection commands since the attack requires local user interaction and local access. [2]

Mitigation Strategies

Immediate mitigation steps include avoiding pasting or entering excessively large inputs (such as 10,000-character strings) into the Event Description field in Nsauditor 3.2.2.0. Restrict local user access to trusted users only, and monitor for unusual application crashes. Additionally, check for any available patches or updates from the vendor to address this denial of service vulnerability. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2021-47895. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart