Vulnerability Monitor

CVE-2021-31401


An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn't sanitize the value of the IP total length field (header length + data length). With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is calculated by subtracting the length of the header from the total length of the IP packet.


Published

2021-08-19T12:15:08.893

Last Modified

2024-11-21T06:05:35.287

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-20

Affected Vendors & Products

| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | hcc-embedded | nichestack | < 4.3 | Yes |
| Operating System | siemens | sentron_3wl_com35_firmware | < 1.2.0 | Yes |
| Hardware | siemens | sentron_3wl_com35 | - | No |
| Operating System | siemens | sentron_3wa_com190_firmware | < 2.0.0 | Yes |
| Hardware | siemens | sentron_3wa_com190 | - | No |
