Login Sign Up

CVE-2021-47895

7.5 HIGH
Denial of Service Buffer Overflow

📋 TL;DR

CVE-2021-47895 is a denial of service vulnerability in Nsauditor 3.2.2.0 where attackers can crash the application by inputting an overly large buffer into the Event Description field. This affects all users running the vulnerable version of Nsauditor network auditing software. The vulnerability requires local or remote access to the application interface.

💻 Affected Systems

Products:
  • Nsauditor Network Security Auditor
Versions: 3.2.2.0
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects version 3.2.2.0 specifically. Other versions may have different behavior.

📦 What is this software?

Nsauditor by Nsasoft

View all CVEs affecting Nsauditor →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete application crash leading to service disruption, potential data loss if unsaved work exists, and interruption of network auditing operations.

🟠

Likely Case

Application crash requiring manual restart, temporary disruption of network monitoring or auditing functions.

🟢

If Mitigated

Minimal impact with proper input validation and application hardening in place.

🌐 Internet-Facing: MEDIUM - If Nsauditor web interface is exposed to internet, attackers could disrupt service remotely.
🏢 Internal Only: MEDIUM - Internal users with access to the application could intentionally or accidentally trigger the crash.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires access to the application interface. Proof of concept demonstrates using 10,000-character buffer of 'U' characters.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.2.3.0 or later

Vendor Advisory: https://www.nsauditor.com/

Restart Required: Yes

Instructions:

1. Download latest version from nsauditor.com. 2. Uninstall current version. 3. Install updated version. 4. Restart system if prompted.

🔧 Temporary Workarounds

Input Validation Restriction

windows

Implement input validation to limit Event Description field length

Not applicable - requires code modification

Application Access Control

windows

Restrict access to Nsauditor interface to trusted users only

Use Windows firewall to block unnecessary access to Nsauditor ports

🧯 If You Can't Patch

  • Restrict application access to only necessary administrative users
  • Implement monitoring for repeated application crashes or unusual input patterns

🔍 How to Verify

Check if Vulnerable:

Check Nsauditor version in Help > About. If version is 3.2.2.0, system is vulnerable.

Check Version:

Check Help > About menu within Nsauditor application

Verify Fix Applied:

After update, verify version is 3.2.3.0 or later in Help > About menu.

📡 Detection & Monitoring

Log Indicators:

  • Application crash events in Windows Event Logs
  • Repeated Nsauditor process termination

Network Indicators:

  • Unusual traffic patterns to Nsauditor interface
  • Multiple connection attempts followed by service disruption

SIEM Query:

EventID=1000 AND Source='Application Error' AND ProcessName='nsauditor.exe'

📊 Metadata

CVE ID: CVE-2021-47895
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-770
EPSS Score: 0.04% exploit probability (9.8th percentile)
Published: January 23, 2026
Last Updated: February 11, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-47895, you might also want to check these:

CVE-2024-44241 9.8

This vulnerability in DCP firmware allows attackers to execute arbitrary code or cause system crashe...

Same vulnerability type (CWE-770)
CVE-2025-11832 9.8

This CVE describes a resource allocation vulnerability in Azure Access Technology BLU-IC2 and BLU-IC...

Same vulnerability type (CWE-770)
CVE-2021-47875 9.8

GeoGebra CAS Calculator 6.0.631.0 contains a buffer overflow vulnerability that allows attackers to ...

Same vulnerability type (CWE-770)