CVSS: 9.8EPSS: 64%CPEs: 1EXPL: 0CVE-2020-25928
https://notcve.org/view.php?id=CVE-2020-25928
18 Aug 2021 — The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: DNS response processing functions: dns_upcall(), getoffset(), dnc_set_answer(). The attack vector is: a specific DNS response packet. The code does not check the "response data length" field of individual DNS answers, which may cause out-of-bounds read/write operations, leading to Information leak, Denial-or-Service, or Remote Code Execution, depending on t... • https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25927
https://notcve.org/view.php?id=CVE-2020-25927
18 Aug 2021 — The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Out-of-bounds Read. The impact is: a denial of service (remote). The component is: DNS response processing in function: dns_upcall(). The attack vector is: a specific DNS response packet. The code does not check whether the number of queries/responses specified in the DNS packet header corresponds to the query/response data available in the DNS packet. • http://www.iniche.com/source-code/networking-stack/nichestack.php • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25926
https://notcve.org/view.php?id=CVE-2020-25926
18 Aug 2021 — The DNS client in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Insufficient entropy in the DNS transaction id. The impact is: DNS cache poisoning (remote). The component is: dns_query_type(). The attack vector is: a specific DNS response packet. El cliente DNS en InterNicheStack TCP/IP versión 4.0.1, está afectado por: Insuficiente entropía en el id de la transacción DNS. • https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack • CWE-331: Insufficient Entropy •