PT-2021-3977 · Hcc · Hcc Embedded Interniche
Published: 2021-05-28 · Updated: 2021-08-26
CVE-2021-31401
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
HCC embedded InterNiche version 4.0.1
Description
The issue is related to insufficient input validation in the TCP/IP stack implementation of NicheLite and InterNiche. This can be exploited by a remote attacker to cause a denial of service by sending specially crafted IP packets. The TCP header processing code does not sanitize the value of the IP total length field, which can lead to an integer overflow when calculating the IP data length. This occurs when the value of the IP data length is calculated by subtracting the length of the header from the total length of the IP packet.
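The length calculation described above, shown as an added example (not code from InterNiche or from this advisory). The function names, the 16-bit types and the captured_len parameter are assumptions made for illustration. The first function performs the unchecked subtraction; the second rejects packets whose total length field is inconsistent before subtracting.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Unchecked form (hypothetical): data length = total length - header length.
 * If the total length field is smaller than the header length, the
 * unsigned 16-bit result wraps around to a very large value. */
uint16_t ip_data_len_unchecked(uint16_t total_len, uint8_t ihl_words)
{
    uint16_t hdr_len = (uint16_t)(ihl_words * 4u);
    return (uint16_t)(total_len - hdr_len);
}

/* Validated form (hypothetical): returns 0 and stores the data length,
 * or -1 if the packet must be dropped. captured_len is the number of
 * bytes actually received for this packet. */
int ip_data_len_checked(uint16_t total_len, uint8_t ihl_words,
                        size_t captured_len, uint16_t *data_len)
{
    uint16_t hdr_len = (uint16_t)(ihl_words * 4u);

    if (ihl_words < 5 || ihl_words > 15)
        return -1;                 /* IPv4 header is 20 to 60 bytes */
    if (captured_len < hdr_len)
        return -1;                 /* header itself is truncated */
    if (total_len < hdr_len)
        return -1;                 /* subtraction would wrap */
    if (total_len > captured_len)
        return -1;                 /* field claims more than was received */

    *data_len = (uint16_t)(total_len - hdr_len);
    return 0;
}

int main(void)
{
    uint16_t len = 0;
    /* Constructed sample values: total length 10 with a 20-byte header. */
    printf("unchecked: %u\n", (unsigned)ip_data_len_unchecked(10, 5));
    printf("checked:   %d\n", ip_data_len_checked(10, 5, 64, &len));
    /* Constructed well-formed packet: 40 bytes total, 20-byte header. */
    printf("checked:   %d (data length %u)\n",
           ip_data_len_checked(40, 5, 40, &len), (unsigned)len);
    return 0;
}
```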
Recommendations
For HCC embedded InterNiche version 4.0.1, consider disabling the tcp_rcv() function in nptcp.c as a temporary workaround until a patch is available. Restrict access to the vulnerable TCP header processing code to minimize the risk of exploitation. Avoid using crafted IP packets that can cause an integer overflow in the IP data length calculation. At the moment, there is no information about a newer version that contains a fix for this issue.
Integer Overflow
RCE
Related Identifiers
Affected Products
Hcc Embedded Interniche