17 matches found
EUVD-2021-18139
Malware in sbrugna...
CVE-2021-31401
An issue was discovered in tcprcv in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn't sanitize the value of the IP total length field header length + data length. With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is...
CVE-2021-31401
CVE-2021-31401 affects HCC Embedded’s InterNiche/NicheStack TCP/IP stack (InterNiche 4.0.1). The issue is an improper input validation in TCP/IP processing: the TCP/IP stack does not validate the IP total length, allowing a crafted IP packet to trigger an integer overflow in tcp_rcv() (nptcp.c). ...
CVE-2021-31227
An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due to an incorrect signed integer comparison. This vulnerability requires the attacker to send a malformed HTTP packet with a negative Content-Length,...
CVE-2021-31227
An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due to an incorrect signed integer comparison. This vulnerability requires the attacker to send a malformed HTTP packet with a negative Content-Length,...
CVE-2021-31226
An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due to lack of size validation. This vulnerability requires the attacker to send a crafted HTTP POST request with a URI longer than 50 bytes. This leads...
CVE-2021-31228
An issue was discovered in HCC embedded InterNiche 4.0.1. This vulnerability allows the attacker to predict a DNS query's source port in order to send forged DNS response packets that will be accepted as valid answers to the DNS client's requests without sniffing the specific request. Data is...
Heap overflow
An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due to an incorrect signed integer comparison. This vulnerability requires the attacker to send a malformed HTTP packet with a negative Content-Length,...
Information disclosure
An issue was discovered in HCC embedded InterNiche 4.0.1. This vulnerability allows the attacker to predict a DNS query's source port in order to send forged DNS response packets that will be accepted as valid answers to the DNS client's requests without sniffing the specific request. Data is...
Design/Logic Flaw
An issue was discovered in tcppulloutofband in tcpin.c in HCC embedded InterNiche 4.0.1. The TCP out-of-band urgent-data processing function invokes a panic function if the pointer to the end of the out-of-band data points outside of the TCP segment's data. If the panic function hadn't a trap...
Heap overflow
An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due to lack of size validation. This vulnerability requires the attacker to send a crafted HTTP POST request with a URI longer than 50 bytes. This leads...
CVE-2021-31400
An issue was discovered in tcppulloutofband in tcpin.c in HCC embedded InterNiche 4.0.1. The TCP out-of-band urgent-data processing function invokes a panic function if the pointer to the end of the out-of-band data points outside of the TCP segment's data. If the panic function hadn't a trap...
CVE-2021-31400
CVE-2021-31400 affects HCC Embedded InterNiche/NicheStack TCP/IP stack (in tcp_pulloutofband() in tcp_in.c, 4.0.1) where out-of-band urgent data handling may call a panic, potentially causing an infinite loop and DoS. Public sources (NVD, Red Hat CVE page, CERT/ICS, ENISA ENISA, and ICSA Update B...
CVE-2021-31228
An issue was discovered in HCC embedded InterNiche 4.0.1. This vulnerability allows the attacker to predict a DNS query's source port in order to send forged DNS response packets that will be accepted as valid answers to the DNS client's requests without sniffing the specific request. Data is...
CVE-2021-31227
CVE-2021-31227 affects HCC Embedded InterNiche/NicheStack. It is a heap-buffer-overflow in the HTTP POST parsing path (wbs_multidata) caused by an incorrect signed-integer comparison. Exploitation requires sending a malformed HTTP packet with a negative Content-Length, bypassing size checks and t...
CVE-2021-31227
An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due to an incorrect signed integer comparison. This vulnerability requires the attacker to send a malformed HTTP packet with a negative Content-Length,...
CVE-2021-31226
An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due to lack of size validation. This vulnerability requires the attacker to send a crafted HTTP POST request with a URI longer than 50 bytes. This leads...