CVE-2020-35684

Name of the Vulnerable Software and Affected Versions HCC Nichestack version 3.0

Description An issue was discovered in the code that parses TCP packets, which relies on an unchecked value of the IP payload size to compute the length of the TCP payload within the TCP checksum computation function. When the IP payload size is set to be smaller than the size of the IP header, the TCP checksum computation function may read out of bounds, and a low-impact write-out-of-bounds is also possible. This issue is related to insufficient input validation in the TCP checksum function of the TCP/IP stack.

Recommendations For HCC Nichestack version 3.0, as a temporary workaround, consider disabling the TCP checksum computation function until a patch is available. Restrict access to the vulnerable TCP packet parsing module to minimize the risk of exploitation. Avoid using the IP payload size value in the affected TCP checksum computation function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.