23 matches found
CVE-2021-31226
An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due to lack of size validation. This vulnerability requires the attacker to send a crafted HTTP POST request with a URI longer than 50 bytes. This leads...
CVE-2021-31228
An issue was discovered in HCC embedded InterNiche 4.0.1. This vulnerability allows the attacker to predict a DNS query's source port in order to send forged DNS response packets that will be accepted as valid answers to the DNS client's requests without sniffing the specific request. Data is...
CVE-2021-31401
An issue was discovered in tcprcv in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn't sanitize the value of the IP total length field header length + data length. With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is...
SUSE CVE-2021-31227
An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due to an incorrect signed integer comparison. This vulnerability requires the attacker to send a malformed HTTP packet with a negative Content-Length,...
CVE-2021-36762
An issue was discovered in HCC Embedded InterNiche NicheStack through 4.3. The tfshnd:tftpsrv.c TFTP packet processing function doesn't ensure that a filename is adequately '\0' terminated; therefore, a subsequent call to strlen for the filename might read out of bounds of the protocol packet...
CVE-2021-31401
An issue was discovered in tcprcv in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn't sanitize the value of the IP total length field header length + data length. With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is...
CVE-2021-31228
An issue was discovered in HCC embedded InterNiche 4.0.1. This vulnerability allows the attacker to predict a DNS query's source port in order to send forged DNS response packets that will be accepted as valid answers to the DNS client's requests without sniffing the specific request. Data is...
CVE-2021-36762
An issue was discovered in HCC Embedded InterNiche NicheStack through 4.3. The tfshnd:tftpsrv.c TFTP packet processing function doesn't ensure that a filename is adequately '\0' terminated; therefore, a subsequent call to strlen for the filename might read out of bounds of the protocol packet...
CVE-2021-31400
CVE-2021-31400 affects HCC Embedded InterNiche/NicheStack TCP/IP stack (in tcp_pulloutofband() in tcp_in.c, 4.0.1) where out-of-band urgent data handling may call a panic, potentially causing an infinite loop and DoS. Public sources (NVD, Red Hat CVE page, CERT/ICS, ENISA, and ICSA Update B...
CVE-2021-31228
An issue was discovered in HCC embedded InterNiche 4.0.1. This vulnerability allows the attacker to predict a DNS query's source port in order to send forged DNS response packets that will be accepted as valid answers to the DNS client's requests without sniffing the specific request. Data is...
CVE-2021-31226
CVE-2021-31226 affects HCC Embedded InterNiche/NicheStack (4.0.1) and is caused by a lack of input size validation in the HTTP POST parser, leading to a heap buffer overflow in wbs_post() via strcpy() when a crafted URI longer than 50 bytes is sent. Red Hat/RedHat CVE entries corroborate a heap o...
HCC Embedded InterNiche Buffer Overflow Vulnerability (CNVD-2021-59231)
HCC Embedded InterNiche is a newsletter software. A security vulnerability exists in HCC Embedded InterNiche that originates from a boundary condition in the DNSv4 component. An attacker can exploit the vulnerability to trigger an out-of-bounds read error and cause a denial of service on the syst...
HCC Embedded InterNiche Security Feature Issue Vulnerability
HCC Embedded InterNiche is a newsletter software. A security vulnerability exists in HCC Embedded InterNiche that stems from a DNS client not setting enough random transaction ids in the DNSv4 component. An attacker can exploit this vulnerability to pass specially crafted inputs to the application...
Unspecified Vulnerability in HCC Embedded InterNiche (CNVD-2021-59224)
HCC Embedded InterNiche is a newsletter software. A security vulnerability exists in the HCC Embedded InterNiche stack and NicheLite, which stems from the TFTP message processing feature that does not guarantee that filenames end in null, and can be exploited by an attacker to cause a denial of...
HCC Embedded InterNiche Out-of-Bounds Read Vulnerability
HCC Embedded InterNiche is a newsletter software. An out-of-bounds read vulnerability exists in the HCC Embedded InterNiche stack and NicheLite, which can be exploited by an attacker to cause an out-of-bounds read...
Unspecified Vulnerability in HCC Embedded InterNiche (CNVD-2021-59227)
HCC Embedded InterNiche is a newsletter software. A security vulnerability exists in HCC Embedded InterNiche. The vulnerability stems from the TCP/IP stack parsing HTTP POST request code and can be exploited by an attacker to cause a cache heap overflow...
HCC Embedded InterNiche Input Validation Error Vulnerability
HCC Embedded InterNiche is a newsletter software. An input validation error vulnerability exists in the HCC Embedded InterNiche stack that stems from a lack of IP length validation, which allows an attacker to send specially crafted IP packets to trigger an integer overflow...
HCC Embedded InterNiche Security Vulnerability
HCC Embedded InterNiche is a newsletter software. A security vulnerability exists in the HCC Embedded InterNiche stack and NicheLite, which stems from the TFTP message processing feature that does not guarantee that filenames end in null, and can be exploited by an attacker to cause a denial of...
HCC Embedded InterNiche Buffer Error Vulnerability
HCC Embedded InterNiche is a newsletter software. A security vulnerability exists in HCC Embedded InterNiche. The vulnerability stems from the TCP/IP stack parsing HTTP POST request code and can be exploited by an attacker to cause a cache heap overflow...
HCC Embedded InterNiche Buffer Error Vulnerability
HCC Embedded InterNiche is a newsletter software. A security vulnerability exists in HCC Embedded InterNiche, which can be exploited by attackers to cause read/write out of bounds...