Cyber Resilience

CVE-2021-47895

Medium · Public PoC

Published: 23 January 2026

Published: 23 January 2026
Modified: 11 February 2026
KEV Added: (not listed)
Patch: (none referenced)
CVSS Score v4: 6.7 (Medium), vector CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0012 (30.8th percentile)
Risk Priority: 13 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-47895 is a medium-severity Allocation of Resources Without Limits or Throttling (CWE-770) vulnerability in Nsasoft Nsauditor. Its CVSS base score is 6.7 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 30.8th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2021-47895 is a denial-of-service vulnerability in Nsauditor version 3.2.2.0, a network security auditing tool. The flaw allows an attacker to crash the application by overwriting the Event Description field with a large buffer, such as a 10,000-character string of 'U' characters pasted into the field. The oversized input triggers an unhandled buffer overflow that terminates the application; the weakness is classified under CWE-770 (Allocation of Resources Without Limits or Throttling) because the field accepts input without any size limit.

The vulnerability has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating it is exploitable over the network with low complexity, requiring no privileges or user interaction, and results in high availability impact with no confidentiality or integrity effects. Any remote attacker can achieve this by sending the oversized input to a targeted Nsauditor instance, causing a crash and denying service to legitimate users. Note that the CVSS v4 vector recorded above scores the attack vector as Local with active user interaction (AV:L, UI:A), which matches the paste-into-field trigger described; practitioners should weigh both scores against how the affected field is actually reachable in their deployment.

Advisories from VulnCheck and a proof-of-concept exploit on Exploit-DB (ID 49568) document the issue. The vendor site at nsauditor.com provides product details, but the available references contain no specific patch information. Security practitioners should upgrade to a newer version if one is available, or discontinue use of the affected release.

A public PoC exploit confirms practical exploitability, though no evidence of widespread real-world attacks is noted in the provided data.

EU & UK References

Vulnerability details

Nsauditor 3.2.2.0 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Event Description field with a large buffer. Attackers can generate a 10,000-character 'U' buffer and paste it into the Event Description field to trigger an application crash.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1499.004 · Application or System Exploitation · Tactic: Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

The buffer-overflow input triggers an unhandled crash in the target application, which directly enables an endpoint denial of service through software exploitation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2020-37130 · Same product: Nsasoft Nsauditor
CVE-2021-47815 · Same product: Nsasoft Nsauditor
CVE-2018-25213 · Same product: Nsasoft Nsauditor
CVE-2020-37119 · Same product: Nsasoft Nsauditor
CVE-2020-37205 · Same vendor: Nsasoft
CVE-2019-25434 · Same vendor: Nsasoft
CVE-2020-37206 · Same vendor: Nsasoft
CVE-2020-37204 · Same vendor: Nsasoft
CVE-2020-37211 · Same vendor: Nsasoft
CVE-2020-37196 · Same vendor: Nsasoft

Affected Assets

Vendor: nsasoft
Product: nsauditor
Version: 3.2.2.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

Control type: prevent

Requires validation of inputs to the Event Description field to reject oversized buffers like the 10,000-character string, directly preventing the buffer overflow crash.

Control type: prevent, detect

Implements denial-of-service protections such as input throttling and resource limits to block remote oversized input attacks that crash Nsauditor.

Control type: prevent

Restricts the amount of data that can be input into fields like Event Description, mitigating CWE-770 unbounded allocation leading to application termination.
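The input-validation and data-limit controls above both reduce to the same implementation pattern: check the length of field input against a fixed bound before any copy into fixed-size storage, and reject (rather than truncate or blindly copy) anything larger. The following C example is added here as an illustration of that pattern and is not Nsauditor code; the field limit EVENT_DESC_MAX of 1024 characters, the function names and the status codes are assumptions, since the page does not document the application's real bound. The helper submit_u_paste builds a constructed input of repeated 'U' characters so the handler's behaviour on an oversized paste can be checked directly.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Maximum accepted length for the Event Description field.
 * Assumption: the real Nsauditor limit is not documented on this page; 1024 is illustrative. */
#define EVENT_DESC_MAX 1024

enum desc_status { DESC_OK = 0, DESC_TOO_LONG = 1, DESC_EMPTY = 2 };

/* Fixed-size storage standing in for the application's field buffer (hypothetical). */
static char g_event_description[EVENT_DESC_MAX + 1];

/* Length of s, scanning at most limit + 1 bytes. Rejecting a very long paste
 * therefore costs a bounded amount of work regardless of the input size. */
static size_t bounded_len(const char *s, size_t limit)
{
    size_t n = 0;
    while (n <= limit && s[n] != '\0')
        n++;
    return n;               /* limit + 1 means "longer than limit" */
}

/* Validates and stores the field. The size check happens before any copy,
 * so oversized input never reaches the fixed-size buffer (CWE-770 mitigation:
 * the field has an explicit limit instead of an unbounded allocation). */
enum desc_status submit_event_description(const char *input)
{
    if (input == NULL || input[0] == '\0')
        return DESC_EMPTY;
    size_t n = bounded_len(input, EVENT_DESC_MAX);
    if (n > EVENT_DESC_MAX)
        return DESC_TOO_LONG;   /* reject; previously stored value stays intact */
    memcpy(g_event_description, input, n);
    g_event_description[n] = '\0';
    return DESC_OK;
}

/* Length of the currently stored description, for inspection. */
size_t stored_description_length(void)
{
    return strlen(g_event_description);
}

/* Constructed input: len repeated 'U' characters, mirroring the oversized paste
 * the advisory describes. Returns the handler's verdict for that input. */
enum desc_status submit_u_paste(size_t len)
{
    char *buf = malloc(len + 1);
    if (buf == NULL)
        return DESC_EMPTY;
    memset(buf, 'U', len);
    buf[len] = '\0';
    enum desc_status st = submit_event_description(buf);
    free(buf);
    return st;
}

int main(void)
{
    printf("1024 'U' chars -> status %d\n", submit_u_paste(EVENT_DESC_MAX));
    printf("10000 'U' chars -> status %d (1 = rejected as too long)\n", submit_u_paste(10000));
    printf("stored length after rejection: %zu\n", stored_description_length());
    return 0;
}
```

The design point is that the bound is enforced on the way in, so a rejected submission leaves the previously stored value untouched and the UI can report an error instead of crashing. A length cap alone does not address throttling of repeated submissions, which is the separate SC-5 concern listed above.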

References