PT-2021-3969 · Hcc · Hcc Embedded Interniche

Published: 2021-05-28 · Updated: 2021-08-26 · CVE-2021-31400

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions

HCC embedded InterNiche version 4.0.1

Description

An issue was discovered in the tcp_pulloutofband() function in tcp_in.c, related to the processing of out-of-band urgent data in TCP. The function invokes a panic function if the pointer to the end of the out-of-band data points outside of the TCP segment's data. If the trap invocation has not been removed from the panic function, it enters an infinite loop, resulting in a denial of service (DoS) through a continuous loop or a device reset.

Recommendations

For HCC embedded InterNiche version 4.0.1, as a temporary workaround, consider disabling the tcp_pulloutofband() function until a patch is available to prevent potential exploitation. However, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
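
The check the description implies, as an added example (a simplified model, not HCC's code and not a vendor patch): the urgent pointer is validated against the segment's payload length before the urgent byte is extracted, and a bad value is returned as an error so the caller can drop the segment instead of reaching a panic path. The `seg_buf` chain, `pull_oob()`, `demo()` and the `OOB_BAD_URP` code are hypothetical names, and the BSD-style convention that the urgent byte sits at payload offset `urp - 1` is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical buffer chain standing in for a stack's packet buffers. */
struct seg_buf {
    uint8_t *data;
    size_t len;
    struct seg_buf *next;
};

enum { OOB_BAD_URP = -1 };

/* Total payload bytes held in the chain. */
static size_t seg_len(const struct seg_buf *b)
{
    size_t n = 0;
    for (; b != NULL; b = b->next)
        n += b->len;
    return n;
}

/* Pull the urgent byte out of the payload. Returns the byte (0..255), or
 * OOB_BAD_URP when urp does not land inside the payload (assumed: urp - 1). */
int pull_oob(struct seg_buf *b, uint16_t urp)
{
    if (urp == 0 || (size_t)urp > seg_len(b))
        return OOB_BAD_URP;          /* caller drops the segment, no panic */
    size_t off = (size_t)urp - 1;
    for (; b != NULL; b = b->next) {
        if (off < b->len) {
            int oob = b->data[off];
            memmove(b->data + off, b->data + off + 1, b->len - off - 1);
            b->len--;
            return oob;
        }
        off -= b->len;
    }
    return OOB_BAD_URP;              /* fail-safe; the check above excludes it */
}

/* Constructed sample: payload "ab!cd" split across two buffers. */
int demo(uint16_t urp)
{
    uint8_t a[] = { 'a', 'b' }, c[] = { '!', 'c', 'd' };
    struct seg_buf second = { c, sizeof c, NULL };
    struct seg_buf first = { a, sizeof a, &second };
    return pull_oob(&first, urp);
}
```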

Infinite Loop


Weakness Enumeration

Related Identifiers

BDU:2021-04488
CVE-2021-31400

Affected Products

Hcc Embedded Interniche