HCC Embedded Security Vulnerabilities

CVE-2021-36762

An issue was discovered in HCC Embedded InterNiche NicheStack through 4.3. The tfshnd():tftpsrv.c TFTP packet processing function doesn't ensure that a filename is adequately '\0' terminated; therefore, a subsequent call to strlen for the filename might read out of bounds of the protocol packet...

7.5 CVSS

7.9 AI Score

0.001 EPSS

2021-08-19 12:15 PM

CVE-2021-31401

An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn't sanitize the value of the IP total length field (header length + data length). With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is...

7.5 CVSS

8.7 AI Score

0.002 EPSS

2021-08-19 12:15 PM

CVE-2020-35685

An issue was discovered in HCC Nichestack 3.0. The code that generates Initial Sequence Numbers (ISNs) for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack...

9.1 CVSS

9.1 AI Score

0.001 EPSS

2021-08-19 12:15 PM

CVE-2021-27565

The web server in InterNiche NicheStack through 4.0.1 allows remote attackers to cause a denial of service (infinite loop and networking outage) via an unexpected valid HTTP request such as OPTIONS. This occurs because the HTTP request handler enters a miscoded wbs_loop() debugger...

7.5 CVSS

7.7 AI Score

0.005 EPSS

2021-08-19 12:15 PM

CVE-2020-35684

An issue was discovered in HCC Nichestack 3.0. The code that parses TCP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the length of the TCP payload within the TCP checksum computation function. When the IP payload size is set to be smaller...

7.5 CVSS

7.9 AI Score

0.002 EPSS

2021-08-19 12:15 PM

CVE-2020-35683

An issue was discovered in HCC Nichestack 3.0. The code that parses ICMP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the ICMP checksum. When the IP payload size is set to be smaller than the size of the IP header, the ICMP checksum...

7.5 CVSS

7.8 AI Score

0.002 EPSS

2021-08-19 12:15 PM

CVE-2021-31400

An issue was discovered in tcp_pulloutofband() in tcp_in.c in HCC embedded InterNiche 4.0.1. The TCP out-of-band urgent-data processing function invokes a panic function if the pointer to the end of the out-of-band data points outside of the TCP segment's data. If the panic function hadn't a trap.....

7.5 CVSS

7.8 AI Score

0.001 EPSS

2021-08-19 11:15 AM

CVE-2021-31226

An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due to lack of size validation. This vulnerability requires the attacker to send a crafted HTTP POST request with a URI longer than 50 bytes. This leads.....

9.8 CVSS

9.5 AI Score

0.002 EPSS

2021-08-19 11:15 AM

CVE-2021-31228

An issue was discovered in HCC embedded InterNiche 4.0.1. This vulnerability allows the attacker to predict a DNS query's source port in order to send forged DNS response packets that will be accepted as valid answers to the DNS client's requests (without sniffing the specific request). Data is...

7.5 CVSS

7.8 AI Score

0.001 EPSS

2021-08-19 11:15 AM

CVE-2021-31227

An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due to an incorrect signed integer comparison. This vulnerability requires the attacker to send a malformed HTTP packet with a negative Content-Length,...

7.5 CVSS

8.2 AI Score

0.001 EPSS

2021-08-19 11:15 AM

CVE-2020-25928

The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: DNS response processing functions: dns_upcall(), getoffset(), dnc_set_answer(). The attack vector is: a specific DNS response packet. The code...

9.8 CVSS

9.8 AI Score

0.006 EPSS

2021-08-18 07:15 PM

CVE-2020-25927

The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Out-of-bounds Read. The impact is: a denial of service (remote). The component is: DNS response processing in function: dns_upcall(). The attack vector is: a specific DNS response packet. The code does not check whether the...

7.5 CVSS

7.8 AI Score

0.002 EPSS

2021-08-18 07:15 PM

CVE-2020-25767

An issue was discovered in HCC Embedded NicheStack IPv4 4.1. The dnc_copy_in routine for parsing DNS domain names does not check whether a domain name compression pointer is pointing within the bounds of the packet (e.g., forward compression pointer jumps are allowed), which leads to an...

7.5 CVSS

7.9 AI Score

0.001 EPSS

2021-08-18 07:15 PM

CVE-2020-25926

The DNS client in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Insufficient entropy in the DNS transaction id. The impact is: DNS cache poisoning (remote). The component is: dns_query_type(). The attack vector is: a specific DNS response...

7.5 CVSS

7.9 AI Score

0.001 EPSS

2021-08-18 07:15 PM