Security advisories
Tuxera is committed to delivering reliable, safe, and secure products and services. Security advisories are published to document remediation for potential security issues and vulnerabilities identified in Tuxera products. Tuxera engineers issue a security advisory when mitigation is available and, to reduce or eliminate risk, will not publicly publish any details that could potentially be used to compromise products. Critical information is disclosed directly to our strategic partners and customers or authorized distributors in a timely manner as required, according to the risk and the scope of the issue. We respect the security considerations of all customers and will not provide advanced details outside of established channels.
Reporting a vulnerability
Potential security risks and vulnerabilities in Tuxera products are managed through a well-defined process. If you have information about a security issue or vulnerability with a Tuxera product, please e-mail .
Please provide as much information as possible, including:
• The products and versions affected
• A detailed description of the security flaw or vulnerability
• Information on known exploits and ways to reproduce the vulnerability
A member of Tuxera’s Security Response Team will review your e-mail and get in touch with you to collaborate on addressing the issue.
Advisories list
Each advisory in the table below provides information on known security vulnerabilities relevant to our products and can be used to determine whether a particular patch or upgrade is appropriate.
Please keep in mind that the severity rating is intended to be used as a guide only. Tuxera reserves the right to change or update the information on this page without notice at any time.
If you have questions, please contact the technical sales agent or account manager assigned to you. You can also reach us at .
Advisory ID | Product | Affected Version | Solution/Fixed Version | Description | Severity | Published date | Last Updated |
---|---|---|---|---|---|---|---|
HCCSEC-000001 | InterNiche Nichestack, also NicheLite | v4.3 (Package: in_tcp - v1.9) and before | v4.3 (Package: in_tcp - v1.12) and later | UDP buffer loss | Important | 2021-05-28 | 2022-01-31 |
HCCSEC-000002 | InterNiche Nichestack, also NicheLite | v4.3 (Package: in_common - v1.15) and before | v4.3 (Package: in_common - v1.20) and above | Duplicate of HCCSEC-000010 | Important | 2021-05-28 | 2022-01-31 |
HCCSEC-000003 | InterNiche Nichestack, also NicheLite | v4.3 (Package: in_httpsvr - v1.6) and before | v4.3 (Package: in_httpsvr - v1.7) and above | HTTP heap overflow | Important | 2021-05-28 | 2022-01-31 |
HCCSEC-000004 | InterNiche Nichestack, also NicheLite | v4.3 (Package: in_httpsvr - v1.6) and before | v4.3 (Package: in_httpsvr - v1.7) and above | HTTP heap overflow | Moderate | 2021-05-28 | 2022-01-31 |
HCCSEC-000005 | InterNiche Nichestack, also NicheLite | v4.3 (Package: in_common - v1.15) and before | v4.3 (Package: in_common - v1.20) and above | Duplicate of HCCSEC-000008 | Moderate | 2021-05-28 | 2022-01-31 |
HCCSEC-000006 | InterNiche Nichestack, also NicheLite | v4.3 (Package: in_tcp - v1.9) and before | v4.3 (Package: in_tcp - v1.12) and later | DNS cache poisoning weakness | Low | 2021-05-28 | 2022-01-31 |
HCCSEC-000007 | InterNiche Nichestack, also NicheLite | v4.3 (Package: in_common - v1.15) and before | v4.3 (Package: in_common - v1.20) and above | Out-of-bounds read | Important | 2021-05-28 | 2022-01-31 |
HCCSEC-000008 | InterNiche Nichestack, also NicheLite | v4.3 (Package: in_common - v1.15) and before | v4.3 (Package: in_common - v1.20) and above | DNS cache poisoning weakness | Moderate | 2021-05-28 | 2022-01-31 |
HCCSEC-000009 | InterNiche Nichestack, also NicheLite | v4.3 (Package: in_common - v1.15) and before | v4.3 (Package: in_common - v1.20) and above | Out-of-bounds read | Important | 2021-05-28 | 2022-01-31 |
HCCSEC-000010 | InterNiche Nichestack, also NicheLite | v4.3 (Package: in_common - v1.15) and before | v4.3 (Package: in_common - v1.20) and above | Out-of-bounds read/write | Important | 2021-05-28 | 2022-01-31 |
HCCSEC-000011 | InterNiche Nichestack, also NicheLite | v4.3 (Package: in_ipv4 - v1.5) and before | v4.3 (Package: in_ipv4 - v1.6) and above | Integer overflow | Low | 2021-05-28 | 2022-01-31 |
HCCSEC-000012 | InterNiche Nichestack, also NicheLite | v4.3 (Package: in_tcp - v1.9) and before | v4.3 (Package: in_tcp - v1.12) and above | Integer overflow | Low | 2021-05-28 | 2022-01-31 |
HCCSEC-000013 | InterNiche Nichestack, also NicheLite | v4.3 (Package: in_tcp - v1.9) and before | v4.3 (Package: in_tcp - v1.12) and above | Predictable ISNs | Low | 2021-05-28 | 2022-01-31 |
HCCSEC-000014 | InterNiche Nichestack, also NicheLite | v4.3 (Package: in_tcp - v1.9) and before | v4.3 (Package: in_tcp - v1.12) and above | Loop with Unreachable Exit Condition | Important | 2021-05-28 | 2022-01-31 |
HCCSEC-000015 | InterNiche Nichestack, also NicheLite | v4.3 (Package: in_tcp - v1.9) and before | v4.3 (Package: in_tcp - v1.12) and above | Integer overflow | Low | 2021-05-28 | 2022-01-31 |
HCCSEC-000016 | InterNiche Nichestack, also NicheLite | v4.3 (Package: in_tftp - v1.1) and before | v4.3 (Package: in_tftp - v1.2) and above | Read out of bounds | Important | 2021-05-28 | 2022-01-31 |
HCCSEC-000017 | InterNiche Nichestack, also NicheLite | v4.3 (Package: in_httpsvr - v1.6) and before | v4.3 (Package: in_httpsvr - v1.7) and above | Unnecessary panic triggered | Moderate | 2021-05-28 | 2022-01-31 |
HCCSEC-000018 | InterNiche Nichestack, also NicheLite | v3.1 | v4.3* and above | Segment smack | Important | 2021-11-09 | 2022-01-31 |
TUXSA-2021-0001 | NTFSPROGS | Older versions than NTFSPROGS 3021.4.15.8 | Upgrade to NTFSPROGS 3017.7.18.22 or 3021.4.15.8 | These vulnerabilities may allow an attacker with both physical access to a device and a maliciously crafted NTFS-formatted USB or other external storage to potentially execute arbitrary code. If the NTFS tool is configured to run automatically when external storage is plugged into the device, then the code would execute in user space with the same privileges as the NTFS tool used (typically ntfsck), which is usually root. These vulnerabilities result from incorrect validation of some of the NTFS metadata that could potentially cause buffer overflows, which could be exploited by an attacker. Therefore, an attacker needs to have local or physical access to the target to exploit these vulnerabilities. Common ways for attackers to gain physical access to a machine are social engineering or an evil maid attack on an unattended device. | Moderate | 2021-08-30 | 2021-08-30 |
TUXSA-2021-0002 | NTFSPROGS | Older versions than NTFSPROGS 3021.4.15.8 | Upgrade to Tuxera NTFS 3017.7.18.22 or 3021.4.15.8 for QNX, Nucleus, INTEGRITY, Windows Automotive and Linux user space | These vulnerabilities may allow an attacker with both physical access to a device and a maliciously crafted NTFS-formatted USB or other external storage to potentially execute arbitrary code with the same privileges as the NTFS driver when the external storage is plugged into the device. These vulnerabilities result from incorrect validation of some of the NTFS metadata that could potentially cause buffer overflows, which could be exploited by an attacker. Therefore, an attacker needs to have local or physical access to the target to exploit these vulnerabilities. Common ways for attackers to gain physical access to a machine are social engineering or an evil maid attack on an unattended device. | Moderate | 2021-08-30 | 2021-08-30 |
TUXSA-2022-0001 | NTFSPROGS Tuxera NTFS | Older versions than NTFS 3021.4.23.18 and NTFSPROGS 3021.4.15.12 | Update to NTFS kernel driver 3021.4.23.18 and to NTFSPROGS 3021.4.15.12 | These vulnerabilities may allow an attacker with both physical access to a device and a maliciously crafted NTFS-formatted USB or other external storage to potentially execute arbitrary code. These vulnerabilities result from incorrect validation of some of the NTFS metadata that could potentially cause buffer overflows, which could be exploited by an attacker. Therefore, an attacker needs to have local or physical access to the target to exploit these vulnerabilities. | Moderate | 2022-10-18 | 2022-10-18 |
* InterNiche, Nichestack, and NicheLite are technology from Tuxera Hungary (previously HCC Embedded), a Tuxera company since 2021. This code is maintained for legacy purposes only.