Product Security Advisory HCCSEC-000011
InterNiche Security Vulnerabilities
Advisory ID: HCCSEC-000011
Publish Date: 2021-05-28
Last Updated: 2021-06-15
The code that parses ICMP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the ICMP checksum. When the IP payload size is set to be smaller than the size of the IP header, the ICMP checksum computation function may read out of bounds, causing a Denial-of-Service condition.
HCC is recommending customers with affected product versions to update to the latest release.
Security Notices are being issued for the following products:
|Product Name||Affected Version||Security Notice||Last Updated|
|InterNiche Stack, |
|All before v4.3 |
(Package: in_ipv4 - v1.5)
|Contact HCC Security Team||2021-06-04|
The risks for these vulnerabilities are rated from Low to High. Refer to the product Security Notices for additional statements regarding risk.
Mitigation / Recommended Action
HCC has fixed the issue in release v4.3 (Package: in_common - v1.20) of the affected software. Customers are advised to update their software to version v4.3 (Package: in_common - v1.20) or above. Customers are advised to review the product Security Notice. For additional information, contact the HCC Security Team.
Related CVEs / CWEs / Advisories
Page Revision History
|1.1||2021-06-15||Name and version added of fixed Package|