CVE-2018-12889

2018-06-2613:29:00

Google

osv.dev

9.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.8%

JSON

An issue was discovered in CCN-lite 2.0.1. There is a heap-based buffer overflow in mkAddToRelayCacheRequest and in ccnl_populate_cache for an array lacking ‘\0’ termination when reading a binary CCNx or NDN file. This can result in Heap Corruption. This was addressed by fixing the memory management in mkAddToRelayCacheRequest in ccn-lite-ctrl.c.

CPENameOperatorVersion
ccn-liteeq0.1.0
ccn-liteeq2.0.0
ccn-liteeq0.3.0
ccn-liteeq0.3.1
ccn-liteeq2.0.1

Name	Operator	Version
ccn-lite	eq	0.1.0
ccn-lite	eq	2.0.0
ccn-lite	eq	0.3.0
ccn-lite	eq	0.3.1
ccn-lite	eq	2.0.1

References

github.com/cn-uofbasel/ccn-lite/issues/279