description: CVE-2021-31227 High severity. A heap buffer overflow exists in NicheStack in the code that parses the HTTP POST request due to an incorrect signed integer comparison
title: NicheStack HTTP server DoS
date_published: 2021-08-04
last_updated: 2021-08-04
xray_id: XRAY-194049
vul_id: CVE-2021-31227
cvss: 7.5
severity: high
discovered_by: Denys Vozniuk
type: vulnerability

Summary

A heap buffer overflow exists in NicheStack in the code that parses the HTTP POST request, due to an incorrect signed integer comparison.

Component

InterNiche TCP/IP stack

Affected versions

InterNiche (, 4.3), fixed in 4.3

Description

An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due to an incorrect signed integer comparison. This vulnerability requires the attacker to send a malformed HTTP packet with a negative Content-Length, which bypasses the size checks and results in a large heap overflow in the wbs_multidata buffer copy.
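
The bug class described above, shown as an added example that is not NicheStack source code: a signed upper-bound check that a negative Content-Length passes, next to a parser that rejects it. The buffer size and all function names are hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

#define BODY_BUF_SIZE 1024 /* hypothetical capacity of the POST body buffer */

/* Flawed pattern: the header is parsed into a signed int and only the upper
 * bound is checked. Returns 1 when the length is accepted for copying. */
int accept_len_signed(const char *value)
{
    int len = atoi(value);        /* "-1" parses to -1 */
    if (len > BODY_BUF_SIZE)      /* -1 > 1024 is false, so the check passes */
        return 0;
    return 1;
}

/* Size a memcpy-style routine receives once the accepted int becomes size_t. */
size_t as_copy_size(int len)
{
    return (size_t)len;           /* -1 becomes SIZE_MAX */
}

/* Hardened form: digits only, overflow-checked, bounded by the buffer size.
 * Returns 0 and stores the length on success, -1 on any rejection. */
int parse_content_length(const char *value, size_t *out)
{
    char *end;
    unsigned long v;

    if (value == NULL || *value < '0' || *value > '9')
        return -1;                /* rejects sign, leading space, empty value */
    errno = 0;
    v = strtoul(value, &end, 10);
    if (errno == ERANGE || *end != '\0' || v > BODY_BUF_SIZE)
        return -1;
    *out = (size_t)v;
    return 0;
}

int main(void)
{
    size_t n = 0;
    printf("signed check accepts \"-1\": %d, copy size %zu\n",
           accept_len_signed("-1"), as_copy_size(-1));
    printf("hardened parser on \"-1\": %d\n", parse_content_length("-1", &n));
    return 0;
}
```

The same review applies to any length field taken from the wire: parse it as unsigned, reject signs and trailing bytes, and compare it against the destination capacity before the copy.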

PoC

No PoC is supplied for this issue.

Vulnerability mitigations

If the NicheStack HTTP server is not needed, disable it through the NicheStack CLI.

References

(JFrog) INFRA:HALT New Vulnerabilities Impacting OT and Critical Infrastructure

NVD