A heap buffer overflow exists in NicheStack in the code that parses the HTTP POST request due to an incorrect signed integer comparison
InterNiche (, 4.3), fixed in 4.3
An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due to an incorrect signed integer comparison. This vulnerability requires the attacker to send a malformed HTTP packet with a negative Content-Length, which bypasses the size checks and results in a large heap overflow in the wbs_multidata buffer copy.
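The flawed comparison pattern described above, next to a hardened Content-Length parser, as an added C example. It is not NicheStack code; the function names and the 1024-byte POST_BUF_SIZE are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

#define POST_BUF_SIZE 1024L /* hypothetical capacity of the POST data buffer */

/* Flawed pattern (hypothetical helper): signed upper-bound check only.
 * A negative length is "smaller" than the capacity, so it is accepted. */
int check_len_signed(long content_length)
{
    return content_length <= POST_BUF_SIZE;
}

/* Size a copy routine would receive if that signed value reached it:
 * the negative number converts to an enormous size_t. */
size_t as_copy_size(long content_length)
{
    return (size_t)content_length;
}

/* Hardened (hypothetical helper): digits only, no sign, no trailing bytes,
 * no overflow, and a range check before the value becomes a size_t. */
int parse_content_length(const char *value, size_t *out)
{
    char *end;
    long n;

    if (value == NULL || value[0] < '0' || value[0] > '9')
        return -1; /* rejects "-1", "+5", " 5" and "" */
    errno = 0;
    n = strtol(value, &end, 10);
    if (errno == ERANGE || *end != '\0' || n < 0 || n > POST_BUF_SIZE)
        return -1;
    *out = (size_t)n;
    return 0;
}

int main(void)
{
    size_t n = 0;
    const char *hdr = "-1"; /* constructed Content-Length value */

    printf("signed check accepts -1: %d\n", check_len_signed(-1));
    printf("size seen by the copy:   %zu\n", as_copy_size(-1));
    printf("hardened parse of \"%s\":  %d\n", hdr, parse_content_length(hdr, &n));
    return 0;
}
```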
No PoC is supplied for this issue.
If not needed, disable the NicheStack HTTP server through the NicheStack CLI.