CVE-2021-31226
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due to lack of size validation. This vulnerability requires the attacker to send a crafted HTTP POST request with a URI longer than 50 bytes. This leads to a heap overflow in wbs_post() via an strcpy() call.
Se ha detectado un problema en HCC embedded InterNiche versión 4.0.1. Se presenta un potencial desbordamiento del búfer de la pila en el código que analiza la petición HTTP POST, debido a una falta de comprobación del tamaño. Esta vulnerabilidad requiere que el atacante envíe una petición HTTP POST diseñada con un URI de más de 50 bytes. Esto conlleva a un desbordamiento de pila en la función wbs_post() por medio de una llamada a la función strcpy().
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-04-15 CVE Reserved
- 2021-08-19 CVE Published
- 2024-08-03 CVE Updated
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack | Mitigation | |
| https://www.kb.cert.org/vuls/id/608209 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Hcc-embedded Search vendor "Hcc-embedded" | Interniche Search vendor "Hcc-embedded" for product "Interniche" | 4.0.1 Search vendor "Hcc-embedded" for product "Interniche" and version "4.0.1" | - |
Affected
| ||||||