Vulnerabilities > CVE-2021-31226 - Out-of-bounds Write vulnerability in Hcc-Embedded Interniche 4.0.1

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
hcc-embedded
CWE-787
critical

Summary

An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due to lack of size validation. This vulnerability requires the attacker to send a crafted HTTP POST request with a URI longer than 50 bytes. This leads to a heap overflow in wbs_post() via an strcpy() call.

Vulnerable Configurations

Part Description Count
Application
Hcc-Embedded
1

Common Weakness Enumeration (CWE)