RSS   Podatności dla 'Nichestack tcp\/ip'   RSS

2021-08-18
 
CVE-2020-25926

CWE-331
 

 
The DNS client in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Insufficient entropy in the DNS transaction id. The impact is: DNS cache poisoning (remote). The component is: dns_query_type(). The attack vector is: a specific DNS response packet.

 
 
CVE-2020-25927

CWE-125
 

 
The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Out-of-bounds Read. The impact is: a denial of service (remote). The component is: DNS response processing in function: dns_upcall(). The attack vector is: a specific DNS response packet. The code does not check whether the number of queries/responses specified in the DNS packet header corresponds to the query/response data available in the DNS packet.

 
 
CVE-2020-25928

CWE-120
 

 
The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: DNS response processing functions: dns_upcall(), getoffset(), dnc_set_answer(). The attack vector is: a specific DNS response packet. The code does not check the "response data length" field of individual DNS answers, which may cause out-of-bounds read/write operations, leading to Information leak, Denial-or-Service, or Remote Code Execution, depending on the context.

 

 >>> Vendor: Hcc-embedded 4 Produkty
Interniche
Nichestack
Nichestack tcp\/ip
Nichestack ipv4


Copyright 2021, cxsecurity.com

 

Back to Top