CVE-2021-36762

Опубликовано: 19 авг. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 7.8

EPSS Низкий

Описание

An issue was discovered in HCC Embedded InterNiche NicheStack through 4.3. The tfshnd():tftpsrv.c TFTP packet processing function doesn't ensure that a filename is adequately '\0' terminated; therefore, a subsequent call to strlen for the filename might read out of bounds of the protocol packet buffer (if no '\0' byte exists within a reasonable range).

Ссылки

https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/
Mitigation
Third Party Advisory
https://www.hcc-embedded.com/about/about-interniche
Product
https://www.kb.cert.org/vuls/id/608209
Third Party Advisory
US Government Resource
https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/
Mitigation
Third Party Advisory
https://www.hcc-embedded.com/about/about-interniche
Product
https://www.kb.cert.org/vuls/id/608209
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:hcc-embedded:nichestack:*:*:*:*:*:*:*:*

Версия до 4.3 (исключая)

EPSS

Процентиль: 57%

0.00353

Низкий

7.5 High

CVSS3

7.8 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-xj6g-7vq6-3mcm

CVSS3: 7.5

github

больше 3 лет назад

BDU:2021-04219

CVSS3: 7.5

fstec

больше 4 лет назад

Уязвимость реализации функции обработки TFTP-пакетов стеков TCP/IP NicheLite и InterNiche, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 57%

0.00353

Низкий

7.5 High

CVSS3

7.8 High

CVSS2

Дефекты

NVD-CWE-Other