Lucene search
+L

10 matches found

CVE
CVE
added 2025/02/03 12:0 a.m.123 views

CVE-2025-25066

CVE-2025-25066 affects nDPI, specifically version 4.12 and earlier, due to a potential stack-based buffer overflow in ndpi_address_cache_restore (lib/ndpi_cache.c). The connected sources consistently describe this vulnerability as a local issue with high impact (confidentiality/integrity/availabi...

8.4CVSS7.5AI score0.00176EPSS
CVE
CVE
added 2021/07/01 2:48 a.m.95 views

CVE-2021-36082

CVE-2021-36082 affects ntop nDPI 3.4 and is due to a stack-based buffer overflow in processClientServerHello. The connected sources consistently report this vulnerability in ntop nDPI 3.4; no specific exploit details or patched versions are provided in the documents. The information confirms the ...

8.8CVSS8.9AI score0.01762EPSS
CVE
CVE
added 2020/07/01 10:54 a.m.59 views

CVE-2020-15472

CVE-2020-15472 affects ndpi (nDPI) up to version 3.2. The H.323 dissector contains a heap-based buffer over-read in ndpi_search_h323 (lib/protocols/h323.c) triggered by a payload with insufficient length, exposed over the network. Impact per sources ranges from Partial confidentiality/availabilit...

9.1CVSS9.1AI score0.01477EPSS
CVE
CVE
added 2020/07/01 10:53 a.m.58 views

CVE-2020-15476

In ndpi (Ntop nDPI) up to version 3.2, the Oracle protocol dissector has a heap-based buffer over-read in ndpi_search_oracle (lib/protocols/oracle.c). This is the concrete root cause and affects the Oracle dissector component of the ndpi library. CVSS details from the public records show an attac...

7.5CVSS7.4AI score0.02113EPSS
CVE
CVE
added 2020/04/23 2:18 p.m.55 views

CVE-2020-11939

CVE-2020-11939 affects nDPI (up to 3.2 Stable) where the SSH protocol dissector exposes multiple KEXINIT integer overflows. The underlying issue is a heap overflow in concat_hash_string in ssh.c, enabling an attacker to remotely influence heap layout and memory contents. The documented impact sta...

9.8CVSS9.8AI score0.03302EPSS
CVE
CVE
added 2020/07/01 10:54 a.m.49 views

CVE-2020-15473

CVE-2020-15473 affects nDPI

9.1CVSS9.2AI score0.01288EPSS
CVE
CVE
added 2020/04/23 2:20 p.m.47 views

CVE-2020-11940

CVE-2020-11940 affects nDPI up to 3.2 Stable. The root cause is an out-of-bounds read in concat_hash_string (ssh.c). This enables a network-positioned attacker to exploit malformed SSH protocol messages on a network segment monitored by nDPI’s library, potentially impacting availability. The desc...

7.5CVSS7.4AI score0.01324EPSS
CVE
CVE
added 2020/07/01 10:54 a.m.47 views

CVE-2020-15471

CVE-2020-15471 affects nDPI up to version 3.2, where the packet parsing function ndpi_parse_packet_line_info in lib/ndpi_main.c is vulnerable to a heap-based buffer over-read. Multiple sources document this vulnerability and point to Open PoCs and public disclosures, indicating an in-memory bound...

9.1CVSS9.2AI score0.01288EPSS
CVE
CVE
added 2020/07/01 10:54 a.m.44 views

CVE-2020-15474

CVE-2020-15474 affects the nDPI library (through version 3.2 and earlier) with a stack overflow in extractRDNSequence within lib/protocols/tls.c. Multiple connected sources (CNVD, SUSE, OSV, CNVD-like entries) confirm the vulnerable component and function, indicating a buffer/stack overflow risk ...

9.8CVSS9.6AI score0.01198EPSS
CVE
CVE
added 2020/07/01 10:53 a.m.42 views

CVE-2020-15475

CVE-2020-15475 affects nDPI (through 3.2); the flaw is in ndpi_reset_packet_line_info (lib/ndpi_main.c), where incomplete reinitialization leads to a use-after-free. Documented impact: compromise of confidentiality, integrity, and availability under network attack. A patch/commit addressing the i...

9.8CVSS9.3AI score0.01239EPSS