InterNiche Security Vulnerabilities

Advisory ID: HCCSEC-000004

Publish Date: 2021-05-28

Last Updated: 2021-06-15

Revision: 1.1

Summary

A potential heap-buffer overflow exists in the code that parses the HTTP POST request due to an incorrect signed integer comparison.

HCC is recommending customers with affected product versions to update to the latest release.

Affected Products

Security Notices are being issued for the following products:

Product Name Affected Version Security Notice Last Updated
InterNiche Stack,
also NicheLite
All before v4.3
(Package: in_httpsvr - v1.6)
Contact HCC Security Team 2021-06-04

Risk Assessment

The risks for these vulnerabilities are rated from Low to High. Refer to the product Security Notices for additional statements regarding risk.

Mitigation / Recommended Action

HCC has fixed the issue in release v4.3 (Package: in_httpsvr - v1.7) of the affected software. Customers are advised to update their software to version v4.3 (Package: in_httpsvr - v1.7) or above. Customers are advised to review the product Security Notice. For additional information, contact the HCC Security Team.

External References

N/A

Related CVEs / CWEs / Advisories

CVE-2021-31227

Page Revision History

Version Date Description
1.1 2021-06-05 Name and version added of fixed Package
1.0 2021-05-28 Initial Version