CVE-2021-31227

Name of the Vulnerable Software and Affected Versions HCC embedded InterNiche version 4.0.1

Description The issue is related to an incorrect signed integer comparison when handling HTTP requests, which can lead to a potential heap buffer overflow. This can be exploited by sending a malformed HTTP packet with a negative Content-Length, bypassing size checks and resulting in a large heap overflow in the wbs multidata buffer copy. The exploitation of this issue may allow a remote attacker to cause a denial of service.

Recommendations For HCC embedded InterNiche version 4.0.1, consider disabling the HTTP POST request parsing functionality until a patch is available. Restrict access to the vulnerable code that parses HTTP requests to minimize the risk of exploitation. Avoid using the Content-Length parameter in the affected HTTP endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.