Security Advisories
Product Security Advisories are published for low, moderate and high-risk security issues.. Each advisory provides information on the status of investigation and provides additional information on products confirmed to be affected and recommended action to be taken by customers.
This information is provided on an "as is" basis and does not grant or imply any guarantees or warranties, including the warranties of merchantability or fitness for a particular use. HCC does not guarantee that any of the information is accurate or up to date. By using the information, you acknowledge and agree that your use of the information, or the documents or materials linked to this information, is at your own risk. In addition, HCC’s provision of this information shall not and does not affect the terms or conditions of any agreement with HCC.
HCC reserves the right to change or update this information without notice at any time. If your HCC software license is under an active Support & Maintenance agreement you may however register to be notified when this page is updated for your licensed product.
Learn more about HCC’s Product Security Policy.
Advisories are posted in the table below in reverse chronological order. You need to have a login account and an active Support & Maintenance agreement to navigate down to detail.
| Product | Affected Version | Description | Support ID | CVE / etc. | Publish date | Last Updated |
|---|---|---|---|---|---|---|
| InterNiche stack, also NicheLite | All before v4.3 | Accidentally sending a UDP to a destination Port 0 (using the regular socket API) will cause the stack to lose 1 mbuf | HCCSEC-000001 | 2021-05-28 | 2021-06-15 | |
| InterNiche stack, also NicheLite | All before v4.3 | Potential Heap overflow in UDP packet parsing | HCCSEC-000002 | CVE-2020-25928 | 2021-05-28 | 2021-06-15 |
| InterNiche stack, also NicheLite | All before v4.3 | Potential Heap overflow in HTTP POST Request URI handling | HCCSEC-000003 | CVE-2021-31226 | 2021-05-28 | 2021-06-15 |
| InterNiche stack, also NicheLite | All before v4.3 | Potential Heap overflow in HTTP POST Content-Length handling | HCCSEC-000004 | CVE-2021-31227 | 2021-05-28 | 2021-06-15 |
| InterNiche stack, also NicheLite | All before v4.3 | Lack of DNS Transaction ID Randomization | HCCSEC-000005 | CVE-2020-25926 | 2021-05-28 | 2021-06-15 |
| InterNiche stack, also NicheLite | All before v4.3 | Weak DNS Source Port Randomization | HCCSEC-000006 | CVE-2021-31228 | 2021-05-28 | 2021-06-15 |
| InterNiche stack, also NicheLite | All before v4.3 | DNS domain name parsing function `dnc_copyin()` and `getoffset()` | HCCSEC-000007 | CVE-2020-25767 | 2021-05-28 | 2021-06-15 |
| InterNiche stack, also NicheLite | All before v4.3 | DNS client initializtion `dns_query_type()` | HCCSEC-000008 | CVE-2020-25926 | 2021-05-28 | 2021-06-15 |
| InterNiche stack, also NicheLite | All before v4.3 | DNS response parsing routine `dns_upcall()` | HCCSEC-000009 | CVE-2020-25927 | 2021-05-28 | 2021-06-15 |
| InterNiche stack, also NicheLite | All before v4.3 | DNS response packet parsing in `dns_upcall()`, `dnc_set_answer()`, `getoffset()` | HCCSEC-000010 | CVE-2020-25928 | 2021-05-28 | 2021-06-15 |
| InterNiche stack, also NicheLite | All before v4.3 | ICMP packet demultiplexing function `icmprcv` in `icmp.c`, ICMP checksum computation function `ccksum()` in `cksum.c` (and possibly others) | HCCSEC-000011 | CVE-2020-35683 | 2021-05-28 | 2021-06-15 |
| InterNiche stack, also NicheLite | All before v4.3 | TCP checksum calculation function `tcp_cksum` in `tcpcksum.c` | HCCSEC-000012 | CVE-2020-35684 | 2021-05-28 | 2021-06-15 |
| InterNiche stack, also NicheLite | All before v4.3 | TCP Initial Sequence Number (ISN) Generation | HCCSEC-000013 | CVE-2020-35685 | 2021-05-28 | 2021-06-15 |
| InterNiche stack, also NicheLite | All before v4.3 | TCP out of band urgent data processing function | HCCSEC-000014 | CVE-2021-31400 | 2021-05-28 | 2021-06-15 |
| InterNiche stack, also NicheLite | All before v4.3 | TCP header processing function `tcp_rcv` in `nptcp.c` | HCCSEC-000015 | CVE-2021-31401 | 2021-05-28 | 2021-06-15 |
| InterNiche stack, also NicheLite | All before v4.3 | TFTP packet processing function `tfshnd():tftpsrv.c:209`, strlen on a non-null terminated string | HCCSEC-000016 | 2021-05-28 | 2021-06-15 | |
| InterNiche stack, also NicheLite | All before v4.3 | Whenever an unknown HTTP request is received, a panic is invoked. | HCCSEC-000017 | 2021-05-28 | 2021-06-15 |