PT-2021-16738 · Unknown · Nucleus Source Code+3
Published: 2021-04-22 · Updated: 2024-02-13
CVE-2021-25663
CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
Capital Embedded AR Classic 431-422: all versions
Capital Embedded AR Classic R20-11: all versions through V2303
Nucleus NET: all versions
Nucleus ReadyStart V3: all versions through V2017.02.4
Nucleus ReadyStart V4: all versions through V4.1.0
Nucleus Source Code: all versions
Description
A vulnerability has been identified that affects the function processing IPv6 headers, which fails to check the lengths of extension header options. This allows attackers to put the function into an infinite loop using crafted length values.
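For developers auditing similar parsing code, the following added example (not the vendor's code; the affected function is not shown on this page) walks the options of an IPv6 Hop-by-Hop or Destination Options header, laid out per RFC 8200, checking every length and advancing on every iteration so the loop always terminates. The function name and the sample byte arrays are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define OPT_PAD1 0u  /* RFC 8200: single-byte option with no length field */

/* Walks the TLV options of one Hop-by-Hop or Destination Options header.
 * hdr points at the header's Next Header byte; avail is the number of bytes
 * left in the packet from there. Returns the option count, or -1 if malformed. */
int ext_opts_walk(const uint8_t *hdr, size_t avail)
{
    if (hdr == NULL || avail < 8)
        return -1;                       /* header is at least 8 octets */

    /* Hdr Ext Len counts 8-octet units beyond the first 8 octets. */
    size_t hdr_len = ((size_t)hdr[1] + 1) * 8;
    if (hdr_len > avail)
        return -1;                       /* header claims more than was received */

    size_t off = 2;                      /* options follow the two fixed bytes */
    int count = 0;
    while (off < hdr_len) {
        if (hdr[off] == OPT_PAD1) {      /* Pad1: advance exactly one byte */
            off += 1;
            count++;
            continue;
        }
        if (hdr_len - off < 2)
            return -1;                   /* no room for the length byte */

        size_t opt_len = hdr[off + 1];
        if (opt_len > hdr_len - off - 2)
            return -1;                   /* option data overruns the header */

        /* Step is type + length + data, so off grows by at least 2 even
         * when opt_len is 0; the loop is bounded by hdr_len. */
        off += 2 + opt_len;
        count++;
    }
    return count;
}

/* Constructed sample headers (Next Header 59, Hdr Ext Len 0 = 8 octets). */
static const uint8_t sample_ok[8]       = {59, 0, 0, 1, 0, 1, 1, 0};
static const uint8_t sample_overrun[8]  = {59, 0, 1, 5, 0, 0, 0, 0};
static const uint8_t sample_zero_len[8] = {59, 0, 0x1e, 0, 0x1e, 0, 0x1e, 0};

int main(void) { return ext_opts_walk(sample_ok, sizeof sample_ok) == 3 ? 0 : 1; }
```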
Recommendations
For Capital Embedded AR Classic 431-422, consider disabling the IPv6 functionality until a patch is available.
For Capital Embedded AR Classic R20-11, update to version V2303 or later.
For Nucleus NET, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For Nucleus ReadyStart V3, update to version V2017.02.4 or later.
For Nucleus ReadyStart V4, update to version V4.1.0 or later.
For Nucleus Source Code, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Infinite Loop
Weakness Enumeration
Related Identifiers
Affected Products
Capital Embedded AR Classic
Nucleus NET
Nucleus ReadyStart
Nucleus Source Code