70 matches found
CVE-2020-35683
CVE-2020-35683 affects HCC Embedded/InterNiche Nichestack/NicheLite prior to version 4.3. The root cause is an unchecked IP payload size used to compute the ICMP checksum, which can cause an out-of-bounds read and lead to Denial-of-Service. Red Hat notes the in_ipv4 module (v1.5) as impacted; CIS...
CVE-2021-36762
An issue was discovered in HCC Embedded InterNiche NicheStack through 4.3. The tfshnd:tftpsrv.c TFTP packet processing function doesn't ensure that a filename is adequately '\0' terminated; therefore, a subsequent call to strlen for the filename might read out of bounds of the protocol packet...
CVE-2021-36762
CVE-2021-36762 affects HCC Embedded InterNiche NicheStack and NicheLite up to version 4.3. The tfshnd():tftpsrv.c TFTP packet processing function may read beyond the protocol buffer when a filename isn’t properly NULL-terminated, enabling out-of-bounds reads and potential DoS. Impact is described...
CVE-2021-27565
The web server in InterNiche NicheStack through 4.0.1 allows remote attackers to cause a denial of service infinite loop and networking outage via an unexpected valid HTTP request such as OPTIONS. This occurs because the HTTP request handler enters a miscoded wbsloop debugger hook...
CVE-2021-27565
The CVE-2021-27565 entry affects HCC Embedded’s InterNiche/NicheStack TCP/IP stack (and NicheLite) prior to version 4.3. The issue is an HTTP request handling bug in the stack that can trigger an infinite loop via a valid but unexpected request (e.g., OPTIONS), causing a denial of service by disr...
CVE-2020-25927
The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Out-of-bounds Read. The impact is: a denial of service remote. The component is: DNS response processing in function: dnsupcall. The attack vector is: a specific DNS response packet. The code does not check whether the number o...
CVE-2020-25767
An issue was discovered in HCC Embedded NicheStack IPv4 4.1. The dnccopyin routine for parsing DNS domain names does not check whether a domain name compression pointer is pointing within the bounds of the packet e.g., forward compression pointer jumps are allowed, which leads to an Out-of-bounds...
CVE-2020-25927
The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Out-of-bounds Read. The impact is: a denial of service remote. The component is: DNS response processing in function: dnsupcall. The attack vector is: a specific DNS response packet. The code does not check whether the number o...
CVE-2020-25926
The DNS client in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Insufficient entropy in the DNS transaction id. The impact is: DNS cache poisoning remote. The component is: dnsquerytype. The attack vector is: a specific DNS response packet...
CVE-2020-25928
The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Buffer Overflow. The impact is: execute arbitrary code remote. The component is: DNS response processing functions: dnsupcall, getoffset, dncsetanswer. The attack vector is: a specific DNS response packet. The code does not che...
Remote code execution
The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Buffer Overflow. The impact is: execute arbitrary code remote. The component is: DNS response processing functions: dnsupcall, getoffset, dncsetanswer. The attack vector is: a specific DNS response packet. The code does not che...
Design/Logic Flaw
An issue was discovered in HCC Embedded NicheStack IPv4 4.1. The dnccopyin routine for parsing DNS domain names does not check whether a domain name compression pointer is pointing within the bounds of the packet e.g., forward compression pointer jumps are allowed, which leads to an Out-of-bounds...
Design/Logic Flaw
The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Out-of-bounds Read. The impact is: a denial of service remote. The component is: DNS response processing in function: dnsupcall. The attack vector is: a specific DNS response packet. The code does not check whether the number o...
Design/Logic Flaw
The DNS client in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Insufficient entropy in the DNS transaction id. The impact is: DNS cache poisoning remote. The component is: dnsquerytype. The attack vector is: a specific DNS response packet...
CVE-2020-25928
The CVE-2020-25928 issue is in HCC Embedded’s InterNiche/NicheStack DNS response processing. The vulnerability stems from not validating the length of DNS answer data, which can cause out-of-bounds reads/writes in dns_upcall(), getoffset(), and dnc_set_answer(). This can enable information leakag...
CVE-2020-25928
The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Buffer Overflow. The impact is: execute arbitrary code remote. The component is: DNS response processing functions: dnsupcall, getoffset, dncsetanswer. The attack vector is: a specific DNS response packet. The code does not che...
CVE-2020-25767
CVE-2020-25767 affects HCC Embedded InterNiche/NicheStack (IPv4) prior to 4.3. The root cause is in the dnc_copy_in DNS domain name parser, which fails to validate that compression pointers stay within packet bounds, enabling an out-of-bounds read and potential DoS via crafted DNS data. Affected ...
CVE-2020-25767
An issue was discovered in HCC Embedded NicheStack IPv4 4.1. The dnccopyin routine for parsing DNS domain names does not check whether a domain name compression pointer is pointing within the bounds of the packet e.g., forward compression pointer jumps are allowed, which leads to an Out-of-bounds...
CVE-2020-25927
The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Out-of-bounds Read. The impact is: a denial of service remote. The component is: DNS response processing in function: dnsupcall. The attack vector is: a specific DNS response packet. The code does not check whether the number o...
CVE-2020-25927
CVE-2020-25927 targets InterNiche/NicheStack TCP/IP (pre-4.3). The DNS response processing path dns_upcall() does not validate the DNS header’s query/response counts against the packet data, causing an out-of-bounds read and potential remote DoS. The ICS/CISA advisory Update B lists this issue am...