← Back

CVE-2021-31401

nvd nist
Published: Aug 19, 2021Modified: Jun 17, 2026

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn't sanitize the value of the IP total length field (header length + data length). With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is calculated by subtracting the length of the header from the total length of the IP packet.

Affected (3)

Hcc Embedded
1 product
Nichestack
Siemens
2 products
Sentron 3wl Com35 Firmware
Sentron 3wa Com190 Firmware
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Nichestack
Before 4.3
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sentron 3wl Com35 Firmware
Before 1.2.0
Running on/withPlatform Versions
Siemens
Sentron 3wl Com35
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sentron 3wa Com190 Firmware
Before 2.0.0
Running on/withPlatform Versions
Siemens
Sentron 3wa Com190
All versions

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (6)

Source: cve@mitre.org
MitigationThird Party Advisory
Source: cve@mitre.org
MitigationThird Party Advisory
Source: cve@mitre.org
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource

Timeline

No history available yet.