ndpi:fuzz_process_packet: Heap-buffer-overflow in ndpi_search_memcached


Project: https://github.com/ntop/nDPI.git Detailed Report: https://oss-fuzz.com/testcase?key=5113237544894464 Project: ndpi Fuzzing Engine: afl Fuzz Target: fuzz_process_packet Job Type: afl_asan_ndpi Platform Id: linux Crash Type: Heap-buffer-overflow READ 13 Crash Address: 0x60500000e05c Crash State: ndpi_search_memcached check_ndpi_udp_flow_func ndpi_detection_process_packet Sanitizer: address (ASAN) Recommended Security Severity: Medium Crash Revision: https://oss-fuzz.com/revisions?job=afl_asan_ndpi&revision=201912050451 Reproducer Testcase: https://oss-fuzz.com/download?testcase_id=5113237544894464 Issue filed automatically. See https://google.github.io/oss-fuzz/advanced-topics/reproducing for instructions to reproduce this bug locally. When you fix this bug, please * mention the fix revision(s). * state whether the bug was a short-lived regression or an old bug in any stable releases. * add any other useful information. This information can help downstream consumers. If you need to contact the OSS-Fuzz team with a question, concern, or any other feedback, please file an issue at https://github.com/google/oss-fuzz/issues. Comments on individual Monorail issues are not monitored. This bug is subject to a 90 day disclosure deadline. If 90 days elapse without an upstream patch, then the bug report will automatically become visible to the public.

Affected Software

CPE Name Name Version
ndpi 1.8
ndpi 1.7
ndpi 1.6