InterNiche Security Vulnerabilities

Advisory ID: HCCSEC-000014

Publish Date: 2021-05-28

Last Updated: 2021-06-15

Revision: 1.1

Summary

The TCP out-of-band urgent data processing function invokes a panic function if the pointer to the end of the out-of-band urgent data points outside the TCP segment's data. If the trap invocation has not been removed from the panic function, this results in an infinite loop and therefore a DoS (continuous loop or device reset).

HCC recommends that customers with affected product versions update to the latest release.
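The failure mode in the Summary, sketched as an added example that is not HCC or InterNiche code: one handler treats an out-of-range urgent pointer as a fatal internal error, the other treats it as malformed input. The structure, the function names, the counter standing in for the panic routine, and the "ignore urgent data" policy are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#define TH_URG 0x20u  /* URG bit in the TCP flags byte */

/* Hypothetical, simplified received segment; not the stack's real structure. */
struct rx_seg {
    uint8_t  flags;    /* TCP flags from the header */
    uint16_t urg_ptr;  /* urgent pointer field, set by the sending peer */
    size_t   data_len; /* payload bytes actually present in this segment */
};

/* Constructed sample input: in-range URG, out-of-range URG, no URG. */
static const struct rx_seg samples[] = {
    { TH_URG, 4, 16 }, { TH_URG, 400, 16 }, { 0, 0, 16 },
};

static unsigned panic_count; /* stands in for a panic() that traps or spins */

/* Pattern from the Summary: an out-of-range end-of-urgent-data offset is
 * handled as a fatal internal error although it is read off the wire. */
int urg_end_panicking(const struct rx_seg *s, size_t *urg_end)
{
    if (!(s->flags & TH_URG))
        return 0;
    if (s->urg_ptr > s->data_len) {
        panic_count++;   /* a real stack would call its panic routine here */
        return -1;
    }
    *urg_end = s->urg_ptr;
    return 1;
}

/* Hardened form (assumed policy): treat the bad pointer as malformed input,
 * skip urgent-data handling for this segment, and keep running. */
int urg_end_checked(const struct rx_seg *s, size_t *urg_end)
{
    if (!(s->flags & TH_URG) || s->urg_ptr > s->data_len)
        return 0;
    *urg_end = s->urg_ptr;
    return 1;
}

/* Number of sample segments that reach the panic path in the first handler. */
unsigned count_panics(void)
{
    size_t end = 0;
    panic_count = 0;
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        (void)urg_end_panicking(&samples[i], &end);
    return panic_count;
}
```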

Affected Products

Security Notices are being issued for the following products:

| Product Name | Affected Version | Security Notice | Last Updated |
|---|---|---|---|
| InterNiche Stack, also NicheLite | All before v4.3 (Package: in_tcp - v1.9) | Contact HCC Security Team | 2021-06-04 |

Risk Assessment

The risks for these vulnerabilities are rated from Low to High. Refer to the product Security Notices for additional statements regarding risk.

Mitigation / Recommended Action

HCC has fixed the issue in release v4.3 (Package: in_tcp - v1.12) of the affected software. Customers are advised to update their software to version v4.3 (Package: in_tcp - v1.12) or above. Customers are advised to review the product Security Notice. For additional information, contact the HCC Security Team.

External References

VU#608209.8

Related CVEs / CWEs / Advisories

CVE-2021-31400, CWE-835

Page Revision History

| Version | Date | Description |
|---|---|---|
| 1.1 | 2021-06-15 | Added name and version of the fixed package |
| 1.0 | 2021-05-28 | Initial version |