CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-11940

In nDPI through 3.2 Stable, an out-of-bounds read in concat_hash_string in ssh.c can be exploited by a network-positioned attacker that can send malformed SSH protocol messages on a network segment monitored by nDPI's library.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 63.8%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

https://github.com/ntop/nDPI/commit/3bbb0cd3296023f6f922c71d21a1c374d2b0a435
https://securitylab.github.com/advisories/GHSL-2020-051_052-ntop-ndpi
https://github.com/ntop/nDPI/commit/3bbb0cd3296023f6f922c71d21a1c374d2b0a435
https://securitylab.github.com/advisories/GHSL-2020-051_052-ntop-ndpi

Products affected by CVE-2020-11940

Ntop » Ndpi » Version: 1.6

cpe:2.3:a:ntop:ndpi:1.6
Ntop » Ndpi » Version: 1.7

cpe:2.3:a:ntop:ndpi:1.7
Ntop » Ndpi » Version: 1.8

cpe:2.3:a:ntop:ndpi:1.8
Ntop » Ndpi » Version: 2.0

cpe:2.3:a:ntop:ndpi:2.0
Ntop » Ndpi » Version: 2.2

cpe:2.3:a:ntop:ndpi:2.2
Ntop » Ndpi » Version: 2.4

cpe:2.3:a:ntop:ndpi:2.4
Ntop » Ndpi » Version: 2.6

cpe:2.3:a:ntop:ndpi:2.6
Ntop » Ndpi » Version: 2.8

cpe:2.3:a:ntop:ndpi:2.8
Ntop » Ndpi » Version: 3.0

cpe:2.3:a:ntop:ndpi:3.0
Ntop » Ndpi » Version: 3.2

cpe:2.3:a:ntop:ndpi:3.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-11940

Products

Pricing

Contact Us