An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn't sanitize the value of the IP total length field (header length + data length). With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is calculated by subtracting the length of the header from the total length of the IP packet.
References
Link | Resource |
---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdf | Mitigation Third Party Advisory |
https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/ | Mitigation Third Party Advisory |
https://www.kb.cert.org/vuls/id/608209 | Third Party Advisory US Government Resource |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-08-19T11:25:42
Updated: 2021-08-19T11:26:03
Reserved: 2021-04-15T00:00:00
Link: CVE-2021-31401
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-08-19T12:15:08.893
Modified: 2021-08-26T18:09:19.857
Link: CVE-2021-31401
JSON object: View
Redhat Information
No data.
CWE