JFrog Security Research
< Back

XRAY-194051 - NicheStack IP length DoS

CVE-2021-31401 | CVSS 7.5

JFrog Severity:high

Discovered ByDenys Vozniukof the JFrog Security Research Team

Published 4 Aug, 2021 | Last updated 4 Aug, 2021

NicheStack TCP header IP length integer overflow leads to DoS

InterNiche TCP/IP stack

InterNiche (, 4.3), fixed in 4.3

NicheStack TCP header processing code doesn’t sanitize the length of the IP length (header + data). With a crafted IP packet an integer overflow would occur whenever the length of the IP data is calculated by subtracting the length of the header from the length of the total IP packet

No PoC is supplied for this issue

No vulnerability mitigations are supplied for this issue

(JFrog) INFRA:HALT New Vulnerabilities Impacting OT and Critical Infrastructure


< Back