Product Security Advisories are published for low, moderate and high-risk security issues. Each advisory reports the status of the investigation, the products confirmed to be affected, and the recommended action to be taken by customers.

This information is provided on an "as is" basis and does not grant or imply any guarantees or warranties, including the warranties of merchantability or fitness for a particular use. HCC does not guarantee that any of the information is accurate or up to date. By using the information, you acknowledge and agree that your use of the information, or the documents or materials linked to this information, is at your own risk. In addition, HCC’s provision of this information shall not and does not affect the terms or conditions of any agreement with HCC.

HCC reserves the right to change or update this information without notice at any time. If your HCC software license is under an active Support & Maintenance agreement, you may, however, register to be notified when this page is updated for your licensed product.

Learn more about HCC’s Product Security Policy.

Advisories are posted in the table below in reverse chronological order. You need a login account and an active Support & Maintenance agreement to navigate down to the details.

| Product | Affected Version | Fixed Version | Description | Support ID | CVE / etc. | Publish date | Last Updated |
|---|---|---|---|---|---|---|---|
| InterNiche stack, also NicheLite | v4.3 (Package: in_tcp - v1.9) and before | v4.3 (Package: in_tcp - v1.12) and later | Accidentally sending a UDP to a destination Port 0 (using the regular socket API) will cause the stack to lose 1 mbuf | HCCSEC-000001 | | 2021-05-28 | 2021-07-08 |
| InterNiche stack, also NicheLite | v4.3 (Package: in_common - v1.15) and before | v4.3 (Package: in_common - v1.20) and above | Duplicate of HCCSEC-000010 | HCCSEC-000002 | | 2021-05-28 | 2021-07-08 |
| InterNiche stack, also NicheLite | v4.3 (Package: in_httpsvr - v1.6) and before | v4.3 (Package: in_httpsvr - v1.7) and above | A potential heap buffer overflow exists in the code that parses the HTTP POST request due to lack of size validation. | HCCSEC-000003 | CVE-2021-31226 | 2021-05-28 | 2021-07-08 |
| InterNiche stack, also NicheLite | v4.3 (Package: in_httpsvr - v1.6) and before | v4.3 (Package: in_httpsvr - v1.7) and above | A potential heap buffer overflow exists in the code that parses the HTTP POST request due to an incorrect signed integer comparison. | HCCSEC-000004 | CVE-2021-31227 | 2021-05-28 | 2021-07-08 |
| InterNiche stack, also NicheLite | v4.3 (Package: in_common - v1.15) and before | v4.3 (Package: in_common - v1.20) and above | Duplicate of HCCSEC-000008 | HCCSEC-000005 | | 2021-05-28 | 2021-07-08 |
| InterNiche stack, also NicheLite | v4.3 (Package: in_tcp - v1.9) and before | v4.3 (Package: in_tcp - v1.12) and later | It may be possible to predict DNS queries’ source port to then send forged DNS response packets, which may be accepted as valid answers. | HCCSEC-000006 | CVE-2021-31228 | 2021-05-28 | 2021-07-08 |
| InterNiche stack, also NicheLite | v4.3 (Package: in_common - v1.15) and before | v4.3 (Package: in_common - v1.20) and above | When parsing DNS domain names, there are no checks on whether a domain name compression pointer is pointing within the bounds of the packet, which may result in an out-of-bounds read. | HCCSEC-000007 | CVE-2020-25767 | 2021-05-28 | 2021-07-08 |
| InterNiche stack, also NicheLite | v4.3 (Package: in_common - v1.15) and before | v4.3 (Package: in_common - v1.20) and above | The DNS client does not set sufficiently random transaction IDs, facilitating DNS cache poisoning attacks. | HCCSEC-000008 | CVE-2020-25926 | 2021-05-28 | 2021-07-08 |
| InterNiche stack, also NicheLite | v4.3 (Package: in_common - v1.15) and before | v4.3 (Package: in_common - v1.20) and above | The number of queries or responses specified in the DNS packet header is not validated against the query/response data available in the DNS packet, leading to an out-of-bounds read. | HCCSEC-000009 | CVE-2020-25927 | 2021-05-28 | 2021-07-08 |
| InterNiche stack, also NicheLite | v4.3 (Package: in_common - v1.15) and before | v4.3 (Package: in_common - v1.20) and above | The routine for parsing DNS response packets does not check the “response data length” field of individual DNS answers, which may cause an out-of-bounds read/write. | HCCSEC-000010 | CVE-2020-25928 | 2021-05-28 | 2021-07-08 |
| InterNiche stack, also NicheLite | v4.3 (Package: in_ipv4 - v1.5) and before | v4.3 (Package: in_ipv4 - v1.6) and above | The code that parses ICMP packets relies on an unchecked value of the IP payload size to compute the ICMP checksum, which may result in an out-of-bounds read. | HCCSEC-000011 | CVE-2020-35683 | 2021-05-28 | 2021-07-08 |
| InterNiche stack, also NicheLite | v4.3 (Package: in_tcp - v1.9) and before | v4.3 (Package: in_tcp - v1.12) and above | The code that parses TCP packets relies on an unchecked value of the IP payload size to compute the length of the TCP payload within the TCP checksum computation function, which may result in an out-of-bounds read. | HCCSEC-000012 | CVE-2020-35684 | 2021-05-28 | 2021-07-08 |
| InterNiche stack, also NicheLite | v4.3 (Package: in_tcp - v1.9) and before | v4.3 (Package: in_tcp - v1.12) and above | TCP ISNs are improperly random, which may result in TCP spoofing. | HCCSEC-000013 | CVE-2020-35685 | 2021-05-28 | 2021-07-08 |
| InterNiche stack, also NicheLite | v4.3 (Package: in_tcp - v1.9) and before | v4.3 (Package: in_tcp - v1.12) and above | The TCP urgent data processing function may invoke a panic function, which may result in an infinite loop. | HCCSEC-000014 | CVE-2021-31400 | 2021-05-28 | 2021-07-08 |
| InterNiche stack, also NicheLite | v4.3 (Package: in_tcp - v1.9) and before | v4.3 (Package: in_tcp - v1.12) and above | A specially crafted IP packet could trigger an integer overflow due to the lack of IP length validation. | HCCSEC-000015 | CVE-2021-31401 | 2021-05-28 | 2021-07-08 |
| InterNiche stack, also NicheLite | v4.3 (Package: in_tftp - v1.1) and before | v4.3 (Package: in_tftp - v1.2) and above | TFTP packet processing function `tfshnd():tftpsrv.c:209`: strlen on a non-null-terminated string | HCCSEC-000016 | CVE-2021-36762 | 2021-05-28 | 2021-07-21 |
| InterNiche stack, also NicheLite | v4.3 (Package: in_httpsvr - v1.6) and before | v4.3 (Package: in_httpsvr - v1.7) and above | Unhandled HTTP requests result in an infinite loop that disrupts TCP/IP communication. | HCCSEC-000017 | CVE-2021-27565 | 2021-05-28 | 2021-07-08 |