Security advisories

Tuxera is committed to delivering reliable, safe, and secure products and services. Security advisories are published to document remediation for potential security issues and vulnerabilities identified with Tuxera products. To reduce or eliminate risks, Tuxera engineers issue a security advisory when mitigation is available, and will not publicly publish any details that could potentially be used to compromise products. Critical information is disclosed directly to our strategic partners and customers or authorized distributors in a timely manner as required, in proportion to the risk and the scope of the issue. We respect the security considerations of all customers and will not provide advance details outside of established channels.

Reporting a vulnerability

Potential security risks and vulnerabilities in Tuxera products are managed through a well-defined process. If you have information about a security issue or vulnerability with a Tuxera product, please e-mail .
Please provide as much information as possible, including:
• The products and versions affected
• A detailed description of the security flaw or vulnerability
• Information on known exploits and ways to reproduce the vulnerability
A member of Tuxera’s Security Response Team will review your e-mail and get in touch with you to collaborate on addressing the issue.

Advisories list

Each advisory in the table below provides information on known security vulnerabilities relevant to our products and can be used to determine whether a particular patch or upgrade is appropriate.
Please keep in mind that this rating is intended to be used as a guide only. Tuxera reserves the right to change or update the information on this page without notice at any time.
If you have questions, please contact the technical sales agent or account manager assigned to you. You can also reach us at .

| Advisory ID | Product | Affected Version | Solution/Fixed Version | Description | Severity | Published date | Last Updated |
|---|---|---|---|---|---|---|---|
| HCCSEC-000001 | InterNiche Nichestack, also NicheLite | v4.3 (Package: in_tcp - v1.9) and before | v4.3 (Package: in_tcp - v1.12) and later | UDP buffer loss | Important | 2021-05-28 | 2022-01-31 |
| HCCSEC-000002 | InterNiche Nichestack, also NicheLite | v4.3 (Package: in_common - v1.15) and before | v4.3 (Package: in_common - v1.20) and above | Duplicate of HCCSEC-000010 | Important | 2021-05-28 | 2022-01-31 |
| HCCSEC-000003 | InterNiche Nichestack, also NicheLite | v4.3 (Package: in_httpsvr - v1.6) and before | v4.3 (Package: in_httpsvr - v1.7) and above | HTTP heap overflow | Important | 2021-05-28 | 2022-01-31 |
| HCCSEC-000004 | InterNiche Nichestack, also NicheLite | v4.3 (Package: in_httpsvr - v1.6) and before | v4.3 (Package: in_httpsvr - v1.7) and above | HTTP heap overflow | Moderate | 2021-05-28 | 2022-01-31 |
| HCCSEC-000005 | InterNiche Nichestack, also NicheLite | v4.3 (Package: in_common - v1.15) and before | v4.3 (Package: in_common - v1.20) and above | Duplicate of HCCSEC-000008 | Moderate | 2021-05-28 | 2022-01-31 |
| HCCSEC-000006 | InterNiche Nichestack, also NicheLite | v4.3 (Package: in_tcp - v1.9) and before | v4.3 (Package: in_tcp - v1.12) and later | DNS cache poisoning weakness | Low | 2021-05-28 | 2022-01-31 |
| HCCSEC-000007 | InterNiche Nichestack, also NicheLite | v4.3 (Package: in_common - v1.15) and before | v4.3 (Package: in_common - v1.20) and above | Out-of-bounds read | Important | 2021-05-28 | 2022-01-31 |
| HCCSEC-000008 | InterNiche Nichestack, also NicheLite | v4.3 (Package: in_common - v1.15) and before | v4.3 (Package: in_common - v1.20) and above | DNS cache poisoning weakness | Moderate | 2021-05-28 | 2022-01-31 |
| HCCSEC-000009 | InterNiche Nichestack, also NicheLite | v4.3 (Package: in_common - v1.15) and before | v4.3 (Package: in_common - v1.20) and above | Out-of-bounds read | Important | 2021-05-28 | 2022-01-31 |
| HCCSEC-000010 | InterNiche Nichestack, also NicheLite | v4.3 (Package: in_common - v1.15) and before | v4.3 (Package: in_common - v1.20) and above | Out-of-bounds read/write | Important | 2021-05-28 | 2022-01-31 |
| HCCSEC-000011 | InterNiche Nichestack, also NicheLite | v4.3 (Package: in_ipv4 - v1.5) and before | v4.3 (Package: in_ipv4 - v1.6) and above | Integer overflow | Low | 2021-05-28 | 2022-01-31 |
| HCCSEC-000012 | InterNiche Nichestack, also NicheLite | v4.3 (Package: in_tcp - v1.9) and before | v4.3 (Package: in_tcp - v1.12) and above | Integer overflow | Low | 2021-05-28 | 2022-01-31 |
| HCCSEC-000013 | InterNiche Nichestack, also NicheLite | v4.3 (Package: in_tcp - v1.9) and before | v4.3 (Package: in_tcp - v1.12) and above | Predictable ISNs | Low | 2021-05-28 | 2022-01-31 |
| HCCSEC-000014 | InterNiche Nichestack, also NicheLite | v4.3 (Package: in_tcp - v1.9) and before | v4.3 (Package: in_tcp - v1.12) and above | Loop with Unreachable Exit Condition | Important | 2021-05-28 | 2022-01-31 |
| HCCSEC-000015 | InterNiche Nichestack, also NicheLite | v4.3 (Package: in_tcp - v1.9) and before | v4.3 (Package: in_tcp - v1.12) and above | Integer overflow | Low | 2021-05-28 | 2022-01-31 |
| HCCSEC-000016 | InterNiche Nichestack, also NicheLite | v4.3 (Package: in_tftp - v1.1) and before | v4.3 (Package: in_tftp - v1.2) and above | Read out of bounds | Important | 2021-05-28 | 2022-01-31 |
| HCCSEC-000017 | InterNiche Nichestack, also NicheLite | v4.3 (Package: in_httpsvr - v1.6) and before | v4.3 (Package: in_httpsvr - v1.7) and above | Unnecessary panic triggered | Moderate | 2021-05-28 | 2022-01-31 |
| HCCSEC-000018 | InterNiche Nichestack, also NicheLite | v3.1 | v4.3* and above | Segment smack | Important | 2021-11-09 | 2022-01-31 |
| TUXSA-2021-0001 | NTFSPROGS | Older versions than NTFSPROGS 3021.4.15.8 | Upgrade to NTFSPROGS 3017.7.18.22 or 3021.4.15.8 | These vulnerabilities may allow an attacker with both physical access to a device and a maliciously crafted NTFS-formatted USB or other external storage to potentially execute arbitrary code. If the NTFS tool is configured to run automatically when an external storage is plugged into the device, then the code would execute in user space with the same privileges as the NTFS tool used (typically ntfsck), which is usually root. These vulnerabilities result from incorrect validation of some of the NTFS metadata that could potentially cause buffer overflows, which could be exploited by an attacker. Therefore, an attacker needs to have local or physical access to the target to exploit these vulnerabilities. Common ways for attackers to gain physical access to a machine are through social engineering or an evil maid attack on an unattended device. | Moderate | 2021-08-30 | 2021-08-30 |
| TUXSA-2021-0002 | NTFSPROGS | Older versions than NTFSPROGS 3021.4.15.8 | Upgrade to Tuxera NTFS 3017.7.18.22 or 3021.4.15.8 for QNX, Nucleus, INTEGRITY, Windows Automotive and Linux user space | These vulnerabilities may allow an attacker with both physical access to a device and a maliciously crafted NTFS-formatted USB or other external storage to potentially execute arbitrary code with the same privileges as the NTFS driver when the external storage is plugged into the device. These vulnerabilities result from incorrect validation of some of the NTFS metadata that could potentially cause buffer overflows, which could be exploited by an attacker. Therefore, an attacker needs to have local or physical access to the target to exploit these vulnerabilities. Common ways for attackers to gain physical access to a machine are through social engineering or an evil maid attack on an unattended device. | Moderate | 2021-08-30 | 2021-08-30 |
| TUXSA-2022-0001 | NTFSPROGS, Tuxera NTFS | Older versions than NTFS 3021.4.23.18 and NTFSPROGS 3021.4.15.12 | Update to NTFS kernel driver 3021.4.23.18 and to NTFSPROGS 3021.4.15.12 | These vulnerabilities may allow an attacker with both physical access to a device and a maliciously crafted NTFS-formatted USB or other external storage to potentially execute arbitrary code. These vulnerabilities result from incorrect validation of some of the NTFS metadata that could potentially cause buffer overflows, which could be exploited by an attacker. Therefore, an attacker needs to have local or physical access to the target to exploit these vulnerabilities. | Moderate | 2022-10-18 | 2022-10-18 |

* InterNiche, Nichestack, and NicheLite are technology from Tuxera Hungary (previously HCC Embedded) – a Tuxera company since 2021. This code is maintained for legacy purposes only.