41 matches found
CVE-2021-31226
An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due to lack of size validation. This vulnerability requires the attacker to send a crafted HTTP POST request with a URI longer than 50 bytes. This leads...
CVE-2021-31228
An issue was discovered in HCC embedded InterNiche 4.0.1. This vulnerability allows the attacker to predict a DNS query's source port in order to send forged DNS response packets that will be accepted as valid answers to the DNS client's requests without sniffing the specific request. Data is...
CVE-2021-31401
An issue was discovered in tcprcv in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn't sanitize the value of the IP total length field header length + data length. With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is...
EUVD-2021-23350
Malware in sbrugna...
EUVD-2020-18418
Malware in sbrugna...
EUVD-2021-18311
Malware in sbrugna...
CVE-2021-36762
An issue was discovered in HCC Embedded InterNiche NicheStack through 4.3. The tfshnd:tftpsrv.c TFTP packet processing function doesn't ensure that a filename is adequately '\0' terminated; therefore, a subsequent call to strlen for the filename might read out of bounds of the protocol packet...
CVE-2020-25767
An issue was discovered in HCC Embedded NicheStack IPv4 4.1. The dnccopyin routine for parsing DNS domain names does not check whether a domain name compression pointer is pointing within the bounds of the packet e.g., forward compression pointer jumps are allowed, which leads to an Out-of-bounds...
SUSE CVE-2020-25767
An issue was discovered in HCC Embedded NicheStack IPv4 4.1. The dnccopyin routine for parsing DNS domain names does not check whether a domain name compression pointer is pointing within the bounds of the packet e.g., forward compression pointer jumps are allowed, which leads to an Out-of-bounds...
SUSE CVE-2021-31227
An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due to an incorrect signed integer comparison. This vulnerability requires the attacker to send a malformed HTTP packet with a negative Content-Length,...
SUSE CVE-2021-31226
An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due to lack of size validation. This vulnerability requires the attacker to send a crafted HTTP POST request with a URI longer than 50 bytes. This leads...
CVE-2021-36762
An issue was discovered in HCC Embedded InterNiche NicheStack through 4.3. The tfshnd:tftpsrv.c TFTP packet processing function doesn't ensure that a filename is adequately '\0' terminated; therefore, a subsequent call to strlen for the filename might read out of bounds of the protocol packet...
CVE-2021-31401
An issue was discovered in tcprcv in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn't sanitize the value of the IP total length field header length + data length. With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is...
Out-of-bounds
An issue was discovered in HCC Embedded InterNiche NicheStack through 4.3. The tfshnd:tftpsrv.c TFTP packet processing function doesn't ensure that a filename is adequately '\0' terminated; therefore, a subsequent call to strlen for the filename might read out of bounds of the protocol packet...
CVE-2021-31228
An issue was discovered in HCC embedded InterNiche 4.0.1. This vulnerability allows the attacker to predict a DNS query's source port in order to send forged DNS response packets that will be accepted as valid answers to the DNS client's requests without sniffing the specific request. Data is...
CVE-2021-36762
An issue was discovered in HCC Embedded InterNiche NicheStack through 4.3. The tfshnd:tftpsrv.c TFTP packet processing function doesn't ensure that a filename is adequately '\0' terminated; therefore, a subsequent call to strlen for the filename might read out of bounds of the protocol packet...
CVE-2021-36762
CVE-2021-36762 affects HCC Embedded InterNiche NicheStack and NicheLite up to version 4.3. The tfshnd():tftpsrv.c TFTP packet processing function may read beyond the protocol buffer when a filename isn’t properly NULL-terminated, enabling out-of-bounds reads and potential DoS. Impact is described...
CVE-2021-31400
CVE-2021-31400 affects HCC Embedded InterNiche/NicheStack TCP/IP stack (in tcp_pulloutofband() in tcp_in.c, 4.0.1) where out-of-band urgent data handling may call a panic, potentially causing an infinite loop and DoS. Public sources (NVD, Red Hat CVE page, CERT/ICS, ENISA ENISA, and ICSA Update B...
CVE-2021-31228
An issue was discovered in HCC embedded InterNiche 4.0.1. This vulnerability allows the attacker to predict a DNS query's source port in order to send forged DNS response packets that will be accepted as valid answers to the DNS client's requests without sniffing the specific request. Data is...
CVE-2021-31227
CVE-2021-31227 affects HCC Embedded InterNiche/NicheStack. It is a heap-buffer-overflow in the HTTP POST parsing path (wbs_multidata) caused by an incorrect signed-integer comparison. Exploitation requires sending a malformed HTTP packet with a negative Content-Length, bypassing size checks and t...