Product Security Advisories are published for low, moderate and high-risk security issues.. Each advisory provides information on the status of investigation and provides additional information on products confirmed to be affected and recommended action to be taken by customers.

This information is provided on an "as is" basis and does not grant or imply any guarantees or warranties, including the warranties of merchantability or fitness for a particular use. HCC does not guarantee that any of the information is accurate or up to date. By using the information, you acknowledge and agree that your use of the information, or the documents or materials linked to this information, is at your own risk. In addition, HCC’s provision of this information shall not and does not affect the terms or conditions of any agreement with HCC.

HCC reserves the right to change or update this information without notice at any time. If your HCC software license is under an active Support & Maintenance agreement you may however register to be notified when this page is updated for your licensed product.

Learn more about HCC’s Product Security Policy.

Advisories are posted in the table below in reverse chronological order. You need to have a login account and an active Support & Maintenance agreement to navigate down to detail.

Product Affected Version Description Support ID CVE / etc. Publish date Last Updated
InterNiche stack,
also NicheLite
All before v4.3 Accidentally sending a UDP to a destination Port 0 (using the regular socket API) will cause the stack to lose 1 mbuf HCCSEC-000001   2021-05-28 2021-06-15
InterNiche stack,
also NicheLite
All before v4.3 Potential Heap overflow in UDP packet parsing HCCSEC-000002 CVE-2020-25928 2021-05-28 2021-06-15
InterNiche stack,
also NicheLite
All before v4.3 Potential Heap overflow in HTTP POST Request URI handling HCCSEC-000003 CVE-2021-31226 2021-05-28 2021-06-15
InterNiche stack,
also NicheLite
All before v4.3 Potential Heap overflow in HTTP POST Content-Length handling HCCSEC-000004 CVE-2021-31227 2021-05-28 2021-06-15
InterNiche stack,
also NicheLite
All before v4.3 Lack of DNS Transaction ID Randomization HCCSEC-000005 CVE-2020-25926 2021-05-28 2021-06-15
InterNiche stack,
also NicheLite
All before v4.3 Weak DNS Source Port Randomization HCCSEC-000006 CVE-2021-31228 2021-05-28 2021-06-15
InterNiche stack,
also NicheLite
All before v4.3 DNS domain name parsing function `dnc_copyin()` and `getoffset()` HCCSEC-000007 CVE-2020-25767 2021-05-28 2021-06-15
InterNiche stack,
also NicheLite
All before v4.3 DNS client initializtion `dns_query_type()` HCCSEC-000008 CVE-2020-25926 2021-05-28 2021-06-15
InterNiche stack,
also NicheLite
All before v4.3 DNS response parsing routine `dns_upcall()` HCCSEC-000009 CVE-2020-25927 2021-05-28 2021-06-15
InterNiche stack,
also NicheLite
All before v4.3 DNS response packet parsing in `dns_upcall()`, `dnc_set_answer()`, `getoffset()` HCCSEC-000010 CVE-2020-25928 2021-05-28 2021-06-15
InterNiche stack,
also NicheLite
All before v4.3 ICMP packet demultiplexing function `icmprcv` in `icmp.c`, ICMP checksum computation function `ccksum()` in `cksum.c` (and possibly others) HCCSEC-000011 CVE-2020-35683 2021-05-28 2021-06-15
InterNiche stack,
also NicheLite
All before v4.3 TCP checksum calculation function `tcp_cksum` in `tcpcksum.c` HCCSEC-000012 CVE-2020-35684 2021-05-28 2021-06-15
InterNiche stack,
also NicheLite
All before v4.3 TCP Initial Sequence Number (ISN) Generation HCCSEC-000013 CVE-2020-35685 2021-05-28 2021-06-15
InterNiche stack,
also NicheLite
All before v4.3 TCP out of band urgent data processing function HCCSEC-000014 CVE-2021-31400 2021-05-28 2021-06-15
InterNiche stack,
also NicheLite
All before v4.3 TCP header processing function `tcp_rcv` in `nptcp.c` HCCSEC-000015 CVE-2021-31401 2021-05-28 2021-06-15
InterNiche stack,
also NicheLite
All before v4.3 TFTP packet processing function `tfshnd():tftpsrv.c:209`, strlen on a non-null terminated string HCCSEC-000016   2021-05-28 2021-06-15
InterNiche stack,
also NicheLite
All before v4.3 Whenever an unknown HTTP request is received, a panic is invoked. HCCSEC-000017   2021-05-28 2021-06-15