Vulnerability Details CVE-2020-15476
In nDPI through 3.2, the Oracle protocol dissector has a heap-based buffer over-read in ndpi_search_oracle in lib/protocols/oracle.c.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 44.7%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21780
- https://github.com/ntop/nDPI/commit/b69177be2fbe01c2442239a61832c44e40136c05
- https://lists.debian.org/debian-lts-announce/2020/08/msg00052.html
- https://lists.debian.org/debian-lts-announce/2022/08/msg00016.html
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21780
- https://github.com/ntop/nDPI/commit/b69177be2fbe01c2442239a61832c44e40136c05
- https://lists.debian.org/debian-lts-announce/2020/08/msg00052.html
- https://lists.debian.org/debian-lts-announce/2022/08/msg00016.html
Products affected by CVE-2020-15476
-
cpe:2.3:a:ntop:ndpi:1.6
-
cpe:2.3:a:ntop:ndpi:1.7
-
cpe:2.3:a:ntop:ndpi:1.8
-
cpe:2.3:a:ntop:ndpi:2.0
-
cpe:2.3:a:ntop:ndpi:2.2
-
cpe:2.3:a:ntop:ndpi:2.4
-
cpe:2.3:a:ntop:ndpi:2.6
-
cpe:2.3:a:ntop:ndpi:2.8
-
cpe:2.3:a:ntop:ndpi:3.0
-
cpe:2.3:a:ntop:ndpi:3.2
-
cpe:2.3:o:debian:debian_linux:10.0
-
cpe:2.3:o:debian:debian_linux:9.0
-
cpe:2.3:o:linux:linux_kernel:-