CVE-2021-36762
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An issue was discovered in HCC Embedded InterNiche NicheStack through 4.3. The tfshnd():tftpsrv.c TFTP packet processing function doesn't ensure that a filename is adequately '\0' terminated; therefore, a subsequent call to strlen for the filename might read out of bounds of the protocol packet buffer (if no '\0' byte exists within a reasonable range).
Se ha detectado un problema en HCC Embedded InterNicheStack versiones hasta 4.3. La función packet processing TFTP tfshnd():tftpsrv.c no asegura que un nombre de archivo esté apropiadamente terminado en "\0"; por lo tanto, una llamada posterior a strlen para el nombre de archivo podría leer fuera de límites del búfer de paquetes del protocolo (si no presenta ningún byte "\0" dentro de un rango razonable).
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-07-16 CVE Reserved
- 2021-08-19 CVE Published
- 2024-05-04 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack | Mitigation | |
| https://www.hcc-embedded.com/about/about-interniche | Product | |
| https://www.kb.cert.org/vuls/id/608209 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Hcc-embedded Search vendor "Hcc-embedded" | Nichestack Search vendor "Hcc-embedded" for product "Nichestack" | < 4.3 Search vendor "Hcc-embedded" for product "Nichestack" and version " < 4.3" | - |
Affected
| ||||||