CVE-2021-31227
 
Public Exploits: 0
Exploited in Wild: -
Descriptions
An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due to an incorrect signed integer comparison. This vulnerability requires the attacker to send a malformed HTTP packet with a negative Content-Length, which bypasses the size checks and results in a large heap overflow in the wbs_multidata buffer copy.
Timeline
- 2021-04-15 CVE Reserved
- 2021-08-19 CVE Published
- 2024-05-04 EPSS Updated
- 2024-08-03 CVE Updated
CWE
- CWE-787: Out-of-bounds Write
References (2)
URL | Tag
---|---
https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack | Mitigation
https://www.kb.cert.org/vuls/id/608209 | Third Party Advisory
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Hcc-embedded | Nichestack | < 4.3 | - | Affected