A heap buffer overflow exists in NicheStack in the code that parses the HTTP POST request due to an incorrect signed integer comparison
Affected: InterNiche versions up to 4.3 (lower bound not stated); fixed in 4.3
An issue was discovered in HCC Embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due to an incorrect signed integer comparison. This vulnerability requires the attacker to send a malformed HTTP packet with a negative Content-Length, which bypasses the size checks and results in a large heap overflow in the wbs_multidata buffer copy.
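The bug class described above is a signed-comparison size check that a negative Content-Length slips past. The following is an added, constructed illustration of that pattern next to a hardened parser; it is not NicheStack code and does not reproduce the wbs_multidata handler. The header strings, BODY_BUF_SIZE and the two function names are assumptions for the example. Neither function performs a copy: each returns only the check's verdict and the length the copy would have used, which is enough to show why the signed check accepts -1 and the unsigned one does not.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <ctype.h>

/* Constructed buffer size; stands in for the fixed-size multidata buffer. */
#define BODY_BUF_SIZE 1024

/* Vulnerable pattern (constructed, not NicheStack code):
 * Content-Length is parsed into a signed int and compared against the
 * buffer size with a signed comparison. "-1" is less than BODY_BUF_SIZE,
 * so the check passes; the copy then takes the length as size_t, where -1
 * becomes SIZE_MAX and the copy runs far past the buffer. Returns 1 if the
 * check would accept the header, 0 if it would reject it. */
int vulnerable_length_check(const char *content_length_hdr, size_t *copy_len_out) {
    int len = atoi(content_length_hdr);      /* silently accepts "-1" */
    if (len > BODY_BUF_SIZE) {               /* signed compare: -1 > 1024 is false */
        return 0;
    }
    *copy_len_out = (size_t)len;             /* -1 converts to SIZE_MAX */
    return 1;
}

/* Hardened check: parse strictly as an unsigned decimal. Rejects a leading
 * sign (so "-1" never reaches the numeric conversion), trailing garbage,
 * numeric overflow, and any value larger than the buffer. The comparison is
 * done entirely in size_t so no signed/unsigned conversion can occur. */
int hardened_length_check(const char *content_length_hdr, size_t *copy_len_out) {
    const char *p = content_length_hdr;
    while (*p == ' ' || *p == '\t') p++;     /* optional leading whitespace */
    if (!isdigit((unsigned char)*p)) return 0;  /* rejects "", "-1", "+5", "abc" */

    errno = 0;
    char *end;
    unsigned long long v = strtoull(p, &end, 10);
    if (errno == ERANGE) return 0;           /* value too large for the type */
    while (*end == ' ' || *end == '\t' || *end == '\r' || *end == '\n') end++;
    if (*end != '\0') return 0;              /* trailing non-digit data */
    if (v > BODY_BUF_SIZE) return 0;         /* unsigned compare against buffer size */

    *copy_len_out = (size_t)v;
    return 1;
}

int main(void) {
    /* Constructed header values for demonstration. */
    const char *samples[] = { "512", "2048", "-1", "12abc" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t n_vuln = 0, n_hard = 0;
        int v = vulnerable_length_check(samples[i], &n_vuln);
        int h = hardened_length_check(samples[i], &n_hard);
        printf("Content-Length: %-6s  signed check: %s (copy %zu)  hardened: %s\n",
               samples[i], v ? "accept" : "reject", v ? n_vuln : 0,
               h ? "accept" : "reject");
    }
    return 0;
}
```

Running it shows the signed check accepting "-1" with a copy length of SIZE_MAX while rejecting the honest oversize value "2048"; the hardened check rejects both, and also rejects "12abc", which atoi would have quietly truncated to 12.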
No PoC is supplied for this issue
Mitigation: if the HTTP server is not needed, disable the NicheStack HTTP server through the NicheStack CLI.
(JFrog) INFRA:HALT New Vulnerabilities Impacting OT and Critical Infrastructure