CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25767
https://notcve.org/view.php?id=CVE-2020-25767
18 Aug 2021 — An issue was discovered in HCC Embedded NicheStack IPv4 4.1. The dnc_copy_in routine for parsing DNS domain names does not check whether a domain name compression pointer is pointing within the bounds of the packet (e.g., forward compression pointer jumps are allowed), which leads to an Out-of-bounds Read, and a Denial-of-Service as a consequence. Se ha detectado un problema en HCC Embedded NicheStack IPv4 versión 4.1. La rutina dnc_copy_in para analizar los nombres de dominio DNS no comprueba si un puntero... • https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25927
https://notcve.org/view.php?id=CVE-2020-25927
18 Aug 2021 — The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Out-of-bounds Read. The impact is: a denial of service (remote). The component is: DNS response processing in function: dns_upcall(). The attack vector is: a specific DNS response packet. The code does not check whether the number of queries/responses specified in the DNS packet header corresponds to the query/response data available in the DNS packet. • http://www.iniche.com/source-code/networking-stack/nichestack.php • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25926
https://notcve.org/view.php?id=CVE-2020-25926
18 Aug 2021 — The DNS client in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Insufficient entropy in the DNS transaction id. The impact is: DNS cache poisoning (remote). The component is: dns_query_type(). The attack vector is: a specific DNS response packet. El cliente DNS en InterNicheStack TCP/IP versión 4.0.1, está afectado por: Insuficiente entropía en el id de la transacción DNS. • https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack • CWE-331: Insufficient Entropy •