CVE-2020-25927 - OpenCVE

The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Out-of-bounds Read. The impact is: a denial of service (remote). The component is: DNS response processing in function: dns_upcall(). The attack vector is: a specific DNS response packet. The code does not check whether the number of queries/responses specified in the DNS packet header corresponds to the query/response data available in the DNS packet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hcc-embedded	Nichestack Tcp\/ip

Configuration 1 [-]

cpe:2.3:a:hcc-embedded:nichestack_tcp\/ip:4.0.1:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.iniche.com/source-code/networking-stack/nichestack.php
https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/
https://www.kb.cert.org/vuls/id/608209

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-08-18T18:37:36

Updated: 2024-08-04T15:49:06.649Z

Reserved: 2020-09-24T00:00:00

Link: CVE-2020-25927

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-08-18T19:15:07.247

Modified: 2021-08-26T18:23:43.370

Link: CVE-2020-25927

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Out-of-bounds Read. The impact is: a denial of service (remote). The component is: DNS response processing in function: dns_upcall(). The attack vector is: a specific DNS response packet. The code does not check whether the number of queries/responses specified in the DNS packet header corresponds to the query/response data available in the DNS packet."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-08-18T18:47:12", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.iniche.com/source-code/networking-stack/nichestack.php"}, {"tags": ["x_refsource_MISC"], "url": "https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/"}, {"name": "VU#608209", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "https://www.kb.cert.org/vuls/id/608209"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-25927", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Out-of-bounds Read. The impact is: a denial of service (remote). The component is: DNS response processing in function: dns_upcall(). The attack vector is: a specific DNS response packet. The code does not check whether the number of queries/responses specified in the DNS packet header corresponds to the query/response data available in the DNS packet."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.iniche.com/source-code/networking-stack/nichestack.php", "refsource": "MISC", "url": "http://www.iniche.com/source-code/networking-stack/nichestack.php"}, {"name": "https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/", "refsource": "MISC", "url": "https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/"}, {"name": "VU#608209", "refsource": "CERT-VN", "url": "https://www.kb.cert.org/vuls/id/608209"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T15:49:06.649Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.iniche.com/source-code/networking-stack/nichestack.php"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/"}, {"name": "VU#608209", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "https://www.kb.cert.org/vuls/id/608209"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-25927", "datePublished": "2021-08-18T18:37:36", "dateReserved": "2020-09-24T00:00:00", "dateUpdated": "2024-08-04T15:49:06.649Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hcc-embedded:nichestack_tcp\\/ip:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "EBA5023C-F403-43DA-BC96-F0D020D6E213", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Out-of-bounds Read. The impact is: a denial of service (remote). The component is: DNS response processing in function: dns_upcall(). The attack vector is: a specific DNS response packet. The code does not check whether the number of queries/responses specified in the DNS packet header corresponds to the query/response data available in the DNS packet."}, {"lang": "es", "value": "La funcionalidad DNS en InterNiche NicheStack TCP/IP versi\u00f3n 4.0.1, est\u00e1 afectada por: Lectura fuera de l\u00edmites. El impacto es: una denegaci\u00f3n de servicio (remoto). El componente es: Procesamiento de respuestas DNS en la funci\u00f3n: dns_upcall(). El vector de ataque es: un paquete de respuesta DNS espec\u00edfico. El c\u00f3digo no comprueba si el n\u00famero de consultas/respuestas especificado en el encabezado del paquete DNS se corresponde con los datos de consulta/respuesta disponibles en el paquete DNS."}], "id": "CVE-2020-25927", "lastModified": "2021-08-26T18:23:43.370", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-08-18T19:15:07.247", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.iniche.com/source-code/networking-stack/nichestack.php"}, {"source": "cve@mitre.org", "tags": ["Mitigation", "Third Party Advisory"], "url": "https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.kb.cert.org/vuls/id/608209"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}