mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-07 19:16:22 +00:00
1.0 KiB
1.0 KiB
CVE-2020-25767
Description
An issue was discovered in HCC Embedded NicheStack IPv4 4.1. The dnc_copy_in routine for parsing DNS domain names does not check whether a domain name compression pointer is pointing within the bounds of the packet (e.g., forward compression pointer jumps are allowed), which leads to an Out-of-bounds Read, and a Denial-of-Service as a consequence.
POC
Reference
- https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/
- https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/
- https://www.kb.cert.org/vuls/id/608209
- https://www.kb.cert.org/vuls/id/608209
Github
No PoCs found on GitHub currently.