NHI’s health insurance web service component has insufficient validation for input string length, which can result in heap-based buffer overflow attack. A