Out-of-bounds Read and Denial-of-Service Vulnerability in HCC Embedded NicheStack IPv4 4.1

Out-of-bounds Read and Denial-of-Service Vulnerability in HCC Embedded NicheStack IPv4 4.1

CVE-2020-25767 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

An issue was discovered in HCC Embedded NicheStack IPv4 4.1. The dnc_copy_in routine for parsing DNS domain names does not check whether a domain name compression pointer is pointing within the bounds of the packet (e.g., forward compression pointer jumps are allowed), which leads to an Out-of-bounds Read, and a Denial-of-Service as a consequence.

Learn more about our Web Application Penetration Testing UK.