description: CVE-2021-31226 Critical severity. Heap overflow in InterNiche TCP/IP stack's HTTP server leads to remote code execution when sending a crafted HTTP POST request
title: InterNiche HTTP server heap overflow
date_published: 2021-08-04
last_updated: 2021-08-04
xray_id: XRAY-194046
vul_id: CVE-2021-31226
cvss: 9.8
severity: critical
discovered_by: Denys Vozniuk
type: vulnerability

Summary

Heap overflow in InterNiche TCP/IP stack's HTTP server leads to remote code execution when sending a crafted HTTP POST request

Component

InterNiche TCP/IP stack

Affected versions

InterNiche (, 4.3), fixed in 4.3

Description

NicheStack (also known as InterNiche stack) is a proprietary TCP/IP stack originally developed by InterNiche Technologies and acquired by HCC Embedded in 2016. A heap-based buffer overflow was discovered in the way the NicheStack HTTP server parses HTTP POST packets. CVE-2021-31226 occurs during the parsing of the HTTP Request URI field in the function ht_readmsg. After making sure the packet has a valid Content-Length header value, the parsing logic gets the pointer to the request URI (requri) by calling ht_nextarg on the HTTP request's buffer and stores this pointer in header_struct->fi->requri. A request URI string larger than 52 bytes will overflow the fixed-size heap buffer via a vulnerable strcpy call. Note that the HTTP server is optional, and may be disabled or compiled-out entirely.
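The bug class described above, shown as an added illustration beside a bounded alternative; this is not NicheStack source code. The struct layout, the function names, the `avail` parameter and the use of 52 as the buffer capacity are assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumption: 52 is the capacity of the fixed-size URI buffer. */
#define REQURI_MAX 52

/* Hypothetical per-request state; not NicheStack's real layout. */
struct file_info {
    char requri[REQURI_MAX];
    int  other_state;          /* whatever follows the buffer in memory */
};

/* The pattern the advisory describes: source length is never checked,
 * so any URI of REQURI_MAX bytes or more writes past requri. */
void store_uri_unchecked(struct file_info *fi, const char *uri)
{
    strcpy(fi->requri, uri);
}

/* Bounded variant. 'avail' is the number of bytes actually received
 * starting at 'uri'. Over-long or unterminated input is rejected, not
 * truncated, so the caller can answer with an error (e.g. 414).
 * Returns 0 on success, -1 on rejection; fi is untouched on rejection. */
int store_uri_checked(struct file_info *fi, const char *uri, size_t avail)
{
    const char *nul = memchr(uri, '\0', avail);
    if (nul == NULL)
        return -1;                      /* no terminator inside the packet */
    size_t len = (size_t)(nul - uri);
    if (len >= sizeof fi->requri)
        return -1;                      /* needs len + 1 bytes with the NUL */
    memcpy(fi->requri, uri, len + 1);
    return 0;
}

int main(void)
{
    struct file_info fi = {0};
    char long_uri[128];                 /* constructed sample input */
    memset(long_uri, 'A', sizeof long_uri - 1);
    long_uri[sizeof long_uri - 1] = '\0';

    printf("short: %d\n", store_uri_checked(&fi, "/index.html", 12));
    printf("long:  %d\n", store_uri_checked(&fi, long_uri, sizeof long_uri));
    return 0;
}
```

Rejecting instead of truncating avoids serving a different resource than the one requested.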

PoC

No PoC is supplied for this issue

Vulnerability mitigations

If not needed, disable the NicheStack HTTP server through the NicheStack CLI

References

(JFrog) INFRA:HALT New Vulnerabilities Impacting OT and Critical Infrastructure

NVD