CVE-2020-25767 — Vulnetix

CVE-2020-25767 PUBLISHED CVSS 7.5 HIGH

An issue was discovered in HCC Embedded NicheStack IPv4 4.1. The dnc_copy_in routine for parsing DNS domain names does not check whether a domain name compression pointer is pointing within the bounds of the packet (e.g., forward compression pointer jumps are allowed), which leads to an Out-of-bounds Read, and a Denial-of-Service as a consequence.

EPSS 0.39% · 60.4th percentile

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score

0.39%

60.4th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
hcc-embedded	nichestack_ipv4	4.1

Timeline

Aug 18, 2021 CVE Published
Aug 19, 2021 EPSS Score
Oct 16, 2021 EPSS Score
Dec 14, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 10, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Apr 9, 2022 EPSS Score
Jun 7, 2022 EPSS Score
Aug 5, 2022 EPSS Score
Oct 2, 2022 EPSS Score
Nov 30, 2022 EPSS Score

References

https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/ url
VU#608209 third-party-advisory
https://nvd.nist.gov/vuln/detail/CVE-2020-25767 advisory
https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack url

Open in Interactive Console →