CVE-2021-31400

Published: Aug 19, 2021Modified: Jun 17, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An issue was discovered in tcp_pulloutofband() in tcp_in.c in HCC embedded InterNiche 4.0.1. The TCP out-of-band urgent-data processing function invokes a panic function if the pointer to the end of the out-of-band data points outside of the TCP segment's data. If the panic function hadn't a trap invocation removed, it will enter an infinite loop and therefore cause DoS (continuous loop or a device reset).

Affected (1)

Products: Hcc Embedded: Nichestack

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Hcc Embedded Nichestack	Before 4.3

Related CWEs

Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

References (4)

https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/

Source: cve@mitre.org

MitigationThird Party Advisory

https://www.kb.cert.org/vuls/id/608209

Source: cve@mitre.org

Third Party AdvisoryUS Government Resource

https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationThird Party Advisory

https://www.kb.cert.org/vuls/id/608209

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.