OSV-2020-178 Heap-buffer-overflow in concat_hash_string

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21257 Crash type: Heap-buffer-overflow READ 4 Crash state: concathashstring ndpisearchsshtcp searchsshagain...

Ntop nDPI Buffer Overflow Vulnerability

Ntop nDPI is an open source library for deep packet inspection from Ntop Italy. A buffer overflow vulnerability exists in the 'concathashstring' function of the ssh.c file in Ntop nDPI 3.2 Stable and earlier versions, which can be exploited by an attacker to cause a denial of service with the hel...

DEBIAN-CVE-2020-11940

In nDPI through 3.2 Stable, an out-of-bounds read in concathashstring in ssh.c can be exploited by a network-positioned attacker that can send malformed SSH protocol messages on a network segment monitored by nDPI's library...

CVE-2020-11939

In nDPI through 3.2 Stable, the SSH protocol dissector has multiple KEXINIT integer overflows that result in a controlled remote heap overflow in concathashstring in ssh.c. Due to the granular nature of the overflow primitive and the ability to control both the contents and layout of the nDPI...