116 matches found
CVE-2021-36762
CVE-2021-36762 affects HCC Embedded InterNiche NicheStack and NicheLite up to version 4.3. The tfshnd():tftpsrv.c TFTP packet processing function may read beyond the protocol buffer when a filename isn’t properly NULL-terminated, enabling out-of-bounds reads and potential DoS. Impact is described...
CVE-2021-36762
An issue was discovered in HCC Embedded InterNiche NicheStack through 4.3. The tfshnd:tftpsrv.c TFTP packet processing function doesn't ensure that a filename is adequately '\0' terminated; therefore, a subsequent call to strlen for the filename might read out of bounds of the protocol packet...
CVE-2021-27565
The web server in InterNiche NicheStack through 4.0.1 allows remote attackers to cause a denial of service infinite loop and networking outage via an unexpected valid HTTP request such as OPTIONS. This occurs because the HTTP request handler enters a miscoded wbsloop debugger hook...
CVE-2021-27565
The CVE-2021-27565 entry affects HCC Embedded’s InterNiche/NicheStack TCP/IP stack (and NicheLite) prior to version 4.3. The issue is an HTTP request handling bug in the stack that can trigger an infinite loop via a valid but unexpected request (e.g., OPTIONS), causing a denial of service by disr...
CVE-2021-31400
CVE-2021-31400 affects HCC Embedded InterNiche/NicheStack TCP/IP stack (in tcp_pulloutofband() in tcp_in.c, 4.0.1) where out-of-band urgent data handling may call a panic, potentially causing an infinite loop and DoS. Public sources (NVD, Red Hat CVE page, CERT/ICS, ENISA ENISA, and ICSA Update B...
CVE-2021-31400
An issue was discovered in tcppulloutofband in tcpin.c in HCC embedded InterNiche 4.0.1. The TCP out-of-band urgent-data processing function invokes a panic function if the pointer to the end of the out-of-band data points outside of the TCP segment's data. If the panic function hadn't a trap...
CVE-2021-31228
An issue was discovered in HCC embedded InterNiche 4.0.1. This vulnerability allows the attacker to predict a DNS query's source port in order to send forged DNS response packets that will be accepted as valid answers to the DNS client's requests without sniffing the specific request. Data is...
CVE-2021-31228
CVE-2021-31228 is a vulnerability in HCC Embedded’s InterNiche/NicheStack TCP/IP stack. The issue allows an attacker to predict the DNS query source port, enabling forged DNS responses to be accepted as valid by a DNS client (without needing to sniff the specific query). The Common details indica...
CVE-2021-31227
An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due to an incorrect signed integer comparison. This vulnerability requires the attacker to send a malformed HTTP packet with a negative Content-Length,...
CVE-2021-31227
CVE-2021-31227 affects HCC Embedded InterNiche/NicheStack. It is a heap-buffer-overflow in the HTTP POST parsing path (wbs_multidata) caused by an incorrect signed-integer comparison. Exploitation requires sending a malformed HTTP packet with a negative Content-Length, bypassing size checks and t...
CVE-2021-31226
An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due to lack of size validation. This vulnerability requires the attacker to send a crafted HTTP POST request with a URI longer than 50 bytes. This leads...
CVE-2021-31226
CVE-2021-31226 affects HCC Embedded InterNiche/NicheStack (4.0.1) and is caused by a lack of input size validation in the HTTP POST parser, leading to a heap buffer overflow in wbs_post() via strcpy() when a crafted URI longer than 50 bytes is sent. Red Hat/RedHat CVE entries corroborate a heap o...
CVE-2020-25928
The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Buffer Overflow. The impact is: execute arbitrary code remote. The component is: DNS response processing functions: dnsupcall, getoffset, dncsetanswer. The attack vector is: a specific DNS response packet. The code does not che...
CVE-2020-25926
The DNS client in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Insufficient entropy in the DNS transaction id. The impact is: DNS cache poisoning remote. The component is: dnsquerytype. The attack vector is: a specific DNS response packet...
CVE-2020-25928
The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Buffer Overflow. The impact is: execute arbitrary code remote. The component is: DNS response processing functions: dnsupcall, getoffset, dncsetanswer. The attack vector is: a specific DNS response packet. The code does not che...
CVE-2020-25927
The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Out-of-bounds Read. The impact is: a denial of service remote. The component is: DNS response processing in function: dnsupcall. The attack vector is: a specific DNS response packet. The code does not check whether the number o...
CVE-2020-25927
The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Out-of-bounds Read. The impact is: a denial of service remote. The component is: DNS response processing in function: dnsupcall. The attack vector is: a specific DNS response packet. The code does not check whether the number o...
Design/Logic Flaw
The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Out-of-bounds Read. The impact is: a denial of service remote. The component is: DNS response processing in function: dnsupcall. The attack vector is: a specific DNS response packet. The code does not check whether the number o...
Remote code execution
The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Buffer Overflow. The impact is: execute arbitrary code remote. The component is: DNS response processing functions: dnsupcall, getoffset, dncsetanswer. The attack vector is: a specific DNS response packet. The code does not che...
Design/Logic Flaw
The DNS client in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Insufficient entropy in the DNS transaction id. The impact is: DNS cache poisoning remote. The component is: dnsquerytype. The attack vector is: a specific DNS response packet...