21 matches found
CVE-2021-27565
The web server in InterNiche NicheStack through 4.0.1 allows remote attackers to cause a denial of service infinite loop and networking outage via an unexpected valid HTTP request such as OPTIONS. This occurs because the HTTP request handler enters a miscoded wbsloop debugger hook...
EUVD-2020-18558
Malware in sbrugna...
CVE-2020-25927
The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Out-of-bounds Read. The impact is: a denial of service remote. The component is: DNS response processing in function: dnsupcall. The attack vector is: a specific DNS response packet. The code does not check whether the number o...
CVE-2021-27565
The web server in InterNiche NicheStack through 4.0.1 allows remote attackers to cause a denial of service infinite loop and networking outage via an unexpected valid HTTP request such as OPTIONS. This occurs because the HTTP request handler enters a miscoded wbsloop debugger hook...
CVE-2021-27565
The web server in InterNiche NicheStack through 4.0.1 allows remote attackers to cause a denial of service infinite loop and networking outage via an unexpected valid HTTP request such as OPTIONS. This occurs because the HTTP request handler enters a miscoded wbsloop debugger hook...
Design/Logic Flaw
The web server in InterNiche NicheStack through 4.0.1 allows remote attackers to cause a denial of service infinite loop and networking outage via an unexpected valid HTTP request such as OPTIONS. This occurs because the HTTP request handler enters a miscoded wbsloop debugger hook...
CVE-2021-36762
An issue was discovered in HCC Embedded InterNiche NicheStack through 4.3. The tfshnd:tftpsrv.c TFTP packet processing function doesn't ensure that a filename is adequately '\0' terminated; therefore, a subsequent call to strlen for the filename might read out of bounds of the protocol packet...
CVE-2021-27565
The web server in InterNiche NicheStack through 4.0.1 allows remote attackers to cause a denial of service infinite loop and networking outage via an unexpected valid HTTP request such as OPTIONS. This occurs because the HTTP request handler enters a miscoded wbsloop debugger hook...
CVE-2021-27565
The CVE-2021-27565 entry affects HCC Embedded’s InterNiche/NicheStack TCP/IP stack (and NicheLite) prior to version 4.3. The issue is an HTTP request handling bug in the stack that can trigger an infinite loop via a valid but unexpected request (e.g., OPTIONS), causing a denial of service by disr...
CVE-2020-25927
The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Out-of-bounds Read. The impact is: a denial of service remote. The component is: DNS response processing in function: dnsupcall. The attack vector is: a specific DNS response packet. The code does not check whether the number o...
CVE-2020-25927
The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Out-of-bounds Read. The impact is: a denial of service remote. The component is: DNS response processing in function: dnsupcall. The attack vector is: a specific DNS response packet. The code does not check whether the number o...
CVE-2020-25928
The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Buffer Overflow. The impact is: execute arbitrary code remote. The component is: DNS response processing functions: dnsupcall, getoffset, dncsetanswer. The attack vector is: a specific DNS response packet. The code does not che...
Remote code execution
The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Buffer Overflow. The impact is: execute arbitrary code remote. The component is: DNS response processing functions: dnsupcall, getoffset, dncsetanswer. The attack vector is: a specific DNS response packet. The code does not che...
Design/Logic Flaw
The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Out-of-bounds Read. The impact is: a denial of service remote. The component is: DNS response processing in function: dnsupcall. The attack vector is: a specific DNS response packet. The code does not check whether the number o...
Design/Logic Flaw
The DNS client in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Insufficient entropy in the DNS transaction id. The impact is: DNS cache poisoning remote. The component is: dnsquerytype. The attack vector is: a specific DNS response packet...
CVE-2020-25928
The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Buffer Overflow. The impact is: execute arbitrary code remote. The component is: DNS response processing functions: dnsupcall, getoffset, dncsetanswer. The attack vector is: a specific DNS response packet. The code does not che...
CVE-2020-25927
The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Out-of-bounds Read. The impact is: a denial of service remote. The component is: DNS response processing in function: dnsupcall. The attack vector is: a specific DNS response packet. The code does not check whether the number o...
CVE-2020-25927
CVE-2020-25927 targets InterNiche/NicheStack TCP/IP (pre-4.3). The DNS response processing path dns_upcall() does not validate the DNS header’s query/response counts against the packet data, causing an out-of-bounds read and potential remote DoS. The ICS/CISA advisory Update B lists this issue am...
CVE-2020-25926
Summary of CVE-2020-25926 (INFRA:HALT) in HCC Embedded/NicheStack: The DNS client in InterNiche NicheStack TCP/IP (pre-4.3) suffers from insufficient entropy in DNS transaction IDs, enabling remote DNS cache poisoning via specially crafted responses. The related ICS/National advisories enumerate ...
CVE-2020-25926
The DNS client in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Insufficient entropy in the DNS transaction id. The impact is: DNS cache poisoning remote. The component is: dnsquerytype. The attack vector is: a specific DNS response packet...