PT-2021-3861 · Hcc Embedded · Nichestack

Published: 2021-05-28 · Updated: 2023-08-08 · CVE-2021-36762

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

HCC Embedded InterNiche NicheStack versions through 4.3

Description

The TFTP packet processing code in the NicheLite and InterNiche TCP/IP stacks does not handle null-termination of strings or arrays correctly, which can allow a remote attacker to cause a denial of service. The TFTP packet processing function tfshnd() in tftpsrv.c does not ensure that a filename is adequately null-terminated, so a subsequent call to strlen() on the filename can read out of bounds of the protocol packet buffer if no null byte exists within a reasonable range.

Recommendations

For HCC Embedded InterNiche NicheStack versions through 4.3, consider disabling the tfshnd() function in the tftpsrv.c file as a temporary workaround until a patch is available. Restrict access to the TFTP packet processing function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
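
The missing check named in the Description, shown as an added example: this is not HCC Embedded's code and not a vendor patch. The function name tftp_parse_request and its parameters are hypothetical; the request layout (2-byte opcode, filename, NUL, mode, NUL) is the standard TFTP format from RFC 1350.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define TFTP_OP_RRQ 1   /* read request  (RFC 1350) */
#define TFTP_OP_WRQ 2   /* write request (RFC 1350) */

/* Hypothetical helper, not NicheStack code.
 * Request layout: 2-byte opcode | filename | 0 | mode | 0.
 * The unsafe pattern is strlen((const char *)pkt + 2): with no NUL in the
 * datagram it keeps reading past pkt + len. Here every search is limited
 * to the bytes actually received.
 * Returns 0 and sets *name / *mode on success, -1 on a malformed packet. */
int tftp_parse_request(const uint8_t *pkt, size_t len,
                       const char **name, const char **mode)
{
    if (pkt == NULL || name == NULL || mode == NULL || len <= 2)
        return -1;

    uint16_t op = (uint16_t)((pkt[0] << 8) | pkt[1]);
    if (op != TFTP_OP_RRQ && op != TFTP_OP_WRQ)
        return -1;

    const uint8_t *p = pkt + 2;
    size_t remaining = len - 2;

    /* Filename: must be non-empty and terminated inside the packet. */
    const uint8_t *nul = memchr(p, 0, remaining);
    if (nul == NULL || nul == p)
        return -1;
    const char *fname = (const char *)p;
    remaining -= (size_t)(nul - p) + 1;
    p = nul + 1;

    /* Mode string: same rule, searched only in what is left. */
    nul = memchr(p, 0, remaining);
    if (nul == NULL || nul == p)
        return -1;

    *name = fname;
    *mode = (const char *)p;
    return 0;
}
```

Only after this returns 0 is it safe to call strlen() on the filename or mode, because both are then known to end inside the received datagram.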

Weakness Enumeration

Related Identifiers

BDU:2021-04219
CVE-2021-36762

Affected Products

Nichestack