VDB
CVE-2020-25927
CVE-2020-25927
PUBLISHED
CVSS 7.5 HIGH
The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Out-of-bounds Read. The impact is: a denial of service (remote). The component is: DNS response processing in function: dns_upcall(). The attack vector is: a specific DNS response packet. The code does not check whether the number of queries/responses specified in the DNS packet header corresponds to the query/response data available in the DNS packet.
EPSS 0.49% · 65.9th percentile
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.49%
65.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | * |
| hcc-embedded | nichestack_tcp\/ip | 4.0.1 |
Exploit Intelligence
Timeline
- Aug 18, 2021 CVE Published
- Aug 19, 2021 EPSS Score
- Oct 16, 2021 EPSS Score
- Dec 14, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 10, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Apr 10, 2022 EPSS Score
- Jun 7, 2022 EPSS Score
- Aug 5, 2022 EPSS Score
- Oct 3, 2022 EPSS Score
- Nov 30, 2022 EPSS Score
References
- http://www.iniche.com/source-code/networking-stack/nichestack.php url
- https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/ url
- VU#608209 third-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2020-25927 advisory
- https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack url