We are here to help
Have a question or need guidance? Whether you’re searching for resources or want to connect with an expert, we’ve got you covered. Use the search bar on the right to find what you need.
Security advisories
Tuxera is committed to delivering reliable, safe, and secure products and services. Security advisories are published to document remediation for potential security issues and vulnerabilities identified with Tuxera products. Tuxera engineers issue a security advisory when mitigation is available, and will not publicly publish any details that could potentially be used to compromise products in order to reduce or eliminate risks. Critical information is disclosed directly to our strategic partners and customers or authorized distributors in a timely manner as required, related to the risk and the scope of the issue. We respect the security considerations of all customers and will not provide advanced details outside of established channels.
Potential security risks and vulnerabilities in Tuxera products are managed through a well-defined process. If you have information about a security issue or vulnerability with a Tuxera product, please e-mail security@tuxera.com.
Please provide as much information as possible, including:
• The products and versions affected
• A detailed description of the security flaw or vulnerability
• Information on known exploits and ways to reproduce the vulnerability
A member of Tuxera’s Security Response Team will review your e-mail and get in touch with you for collaborating on addressing the issue.
Advisories list
Each advisory in the table below provides information on known security vulnerabilities relevant to our products and can be used to determine whether a particular patch or upgrade is appropriate.
Please keep in mind that this rating is intended to be used as a guide only. Tuxera reserves the right to change or update the information on this page without notice at any time.
Please be in touch with your technical sales agent or account manager assigned to you in case of questions. You can also reach us at support@tuxera.com.
| Advisory ID | Product | Affected Version | Solution/Fixed Version | Description | Severity | Published date | Last Updated |
|---|---|---|---|---|---|---|---|
HCCSEC-000001 |
InterNiche Nichestack, |
v4.3 (Package: in_tcp – v1.9) and before |
v4.3 (Package: in_tcp – v1.12) and later |
UDP buffer loss |
Important |
2021-05-28 |
2022-01-31 |
HCCSEC-000002 |
InterNiche Nichestack, |
v4.3 (Package: in_common – v1.15) and before |
v4.3 (Package: in_common – v1.20) and above |
Duplicate of HCCSEC-000010 |
Important |
2021-05-28 |
2022-01-31 |
HCCSEC-000003 |
InterNiche Nichestack, |
v4.3 (Package: in_httpsvr – v1.6) and before |
v4.3 (Package: in_httpsvr – v1.7) and above |
HTTP heap overflow |
Important |
2021-05-28 |
2022-01-31 |
HCCSEC-000004 |
InterNiche Nichestack, |
v4.3 (Package: in_httpsvr – v1.6) and before |
v4.3 (Package: in_httpsvr – v1.7) and above |
HTTP heap overflow |
Moderate |
2021-05-28 |
2022-01-31 |
HCCSEC-000005 |
InterNiche Nichestack, |
v4.3 (Package: in_common – v1.15) and before |
v4.3 (Package: in_common – v1.20) and above |
Duplicate of HCCSEC-000008 |
Moderate |
2021-05-28 |
2022-01-31 |
HCCSEC-000006 |
InterNiche Nichestack, |
v4.3 (Package: in_tcp – v1.9) and before |
v4.3 (Package: in_tcp – v1.12) and later |
DNS cache poisoning weakness |
Low |
2021-05-28 |
2022-01-31 |
HCCSEC-000007 |
InterNiche Nichestack, |
v4.3 (Package: in_common – v1.15) and before |
v4.3 (Package: in_common – v1.20) and above |
Out-of-bounds read |
Important |
2021-05-28 |
2022-01-31 |
HCCSEC-000008 |
InterNiche Nichestack, |
v4.3 (Package: in_common – v1.15) and before |
v4.3 (Package: in_common – v1.20) and above |
DNS cache poisoning weakness |
Moderate |
2021-05-28 |
2022-01-31 |
HCCSEC-000009 |
InterNiche Nichestack, |
v4.3 (Package: in_common – v1.15) and before |
v4.3 (Package: in_common – v1.20) and above |
Out-of-bounds read |
Important |
2021-05-28 |
2022-01-31 |
HCCSEC-000010 |
InterNiche Nichestack, |
v4.3 (Package: in_common – v1.15) and before |
v4.3 (Package: in_common – v1.20) and above |
Out-of-bounds read/write |
Important |
2021-05-28 |
2022-01-31 |
HCCSEC-000011 |
InterNiche Nichestack, |
v4.3 (Package: in_ipv4 – v1.5) and before |
v4.3 (Package: in_ipv4 – v1.6) and above |
Integer overflow |
Low |
2021-05-28 |
2022-01-31 |
HCCSEC-000012 |
InterNiche Nichestack, |
v4.3 (Package: in_tcp – v1.9) and before |
v4.3 (Package: in_tcp – v1.12) and above |
Integer overflow |
Low |
2021-05-28 |
2022-01-31 |
HCCSEC-000013 |
InterNiche Nichestack, |
v4.3 (Package: in_tcp – v1.9) and before |
v4.3 (Package: in_tcp – v1.12) and above |
Predictable ISNs |
Low |
2021-05-28 |
2022-01-31 |
HCCSEC-000014 |
InterNiche Nichestack, |
v4.3 (Package: in_tcp – v1.9) and before |
v4.3 (Package: in_tcp – v1.12) and above |
Loop with Unreachable Exit Condition |
Important |
2021-05-28 |
2022-01-31 |
HCCSEC-000015 |
InterNiche Nichestack, |
v4.3 (Package: in_tcp – v1.9) and before |
v4.3 (Package: in_tcp – v1.12) and above |
Integer overflow |
Low |
2021-05-28 |
2022-01-31 |
HCCSEC-000016 |
InterNiche Nichestack, |
v4.3 (Package: in_tftp – v1.1) and before |
v4.3 (Package: in_tftp – v1.2) and above |
Read out of bounds |
Important |
2021-05-28 |
2022-01-31 |
HCCSEC-000017 |
InterNiche Nichestack, |
v4.3 (Package: in_httpsvr – v1.6) and before |
v4.3 (Package: in_httpsvr – v1.7) and above |
Unnecessary panic triggered |
Moderate |
2021-05-28 |
2022-01-31 |
HCCSEC-000018 |
InterNiche Nichestack, |
v3.1 |
v4.3* and above |
Segment smack |
Important |
2021-11-09 |
2022-01-31 |
TUXSA-2021-0001 |
NTFSPROGS |
Older versions than NTFSPROGS 3021.4.15.8 |
Upgrade to NTFSPROGS 3017.7.18.22 or 3021.4.15.8 |
These vulnerabilities may allow an attacker with both physical access to a device and a maliciously crafted NTFS-formatted USB or other external storage to potentially execute arbitrary code. If the NTFS tool is configured to run automatically when an external storage is plugged into the device, then the code would execute in user space with the same privileges as the NTFS tool used (typically ntfsck) which is usually root. These vulnerabilities result from incorrect validation of some of the NTFS metadata that could potentially cause buffer overflows, which could be exploited by an attacker. Therefore, an attacker needs to have local or physical access to the target to exploit these vulnerabilities. Common ways for attackers to gain physical access to a machine is through social engineering or an evil maid attack on an unattended device. |
Moderate |
2021-08-30 |
2021-08-30 |
TUXSA-2021-0002 |
NTFSPROGS |
Older versions than NTFSPROGS 3021.4.15.8 |
Upgrade to Tuxera NTFS 3017.7.18.22 or 3021.4.15.8 for QNX, Nucleus, INTEGRITY, Windows Automotive and Linux user space |
These vulnerabilities may allow an attacker with both physical access to a device and a maliciously crafted NTFS-formatted USB or other external storage to potentially execute arbitrary code with the same privileges as the NTFS driver when the external storage is plugged into the device. These vulnerabilities result from incorrect validation of some of the NTFS metadata that could potentially cause buffer overflows, which could be exploited by an attacker. Therefore, an attacker needs to have local or physical access to the target to exploit these vulnerabilities. Common ways for attackers to gain physical access to a machine is through social engineering or an evil maid attack on an unattended device. |
Moderate |
2021-08-30 |
2021-08-30 |
TUXSA-2022-0001 |
NTFSPROGS |
Older versions than NTFS 3021.4.23.18 and NTFSPROGS 3021.4.15.12 |
Update to NTFS kernel driver 3021.4.23.18 and to NTFSPROGS 3021.4.15.12 |
These vulnerabilities may allow an attacker with both physical access to a device and a maliciously crafted NTFS-formatted USB or other external storage to potentially execute arbitrary code. These vulnerabilities result from incorrect validation of some of the NTFS metadata that could potentially cause buffer overflows, which could be exploited by an attacker. Therefore, an attacker needs to have local or physical access to the target to exploit these vulnerabilities. |
Moderate |
2022-10-18 |
2022-10-18 |
* InterNiche, Nichestack, and NicheLite is technology from Tuxera Hungary (previously HCC Embedded) – a Tuxera company since 2021. This code is maintained for legacy purposes only.
Suggested content for:
Your mission-critical systems demand uncompromising reliability. Tuxera products mean absolute data integrity. We specialize in file systems, software flash controllers, and secure networking and connectivity solutions. We are the perfect fit for data-intensive, mission-critical workloads. Using Tuxera’s time-proven solutions means that your data is safe and secure – always.
Our solutions are trusted by major brands worldwide. When you need reliable, scalable, and lightening-fast data access and transfer across any system or device, Tuxera delivers. Our track record speaks for itself. We’ve been in this business for decades with a clear mission: to be the partner you can trust. Read on to find out more.
From satellites to smart meters, our software protects critical data and ensures seamless connectivity wherever mission-critical systems operate.
We couldn't find any matching results. Please try searching with different keywords or browse our popular tags below.
