Shodan
Vulnerabilities
Vulnerable Software
Ccn-Lite:  >> Ccn-Lite  Security Vulnerabilities
CVE-2017-12466
CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact via vectors related to ssl_halen when running ccn-lite-sim, which trigger an out-of-bounds access.
CVSS Score
9.8
EPSS Score
0.004
Published
2018-02-07
CVE-2017-12467
Memory leak in CCN-lite before 2.00 allows context-dependent attackers to cause a denial of service (memory consumption) by leveraging failure to allocate memory for the comp or complen structure member.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-02-07
CVE-2017-12468
Buffer overflow in ccn-lite-ccnb2xml.c in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact via vectors involving the vallen and len variables.
CVSS Score
9.8
EPSS Score
0.005
Published
2018-02-07
CVE-2017-12469
Buffer overflow in util/ccnl-common.c in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact by leveraging incorrect memory allocation.
CVSS Score
9.8
EPSS Score
0.005
Published
2018-02-07
CVE-2017-12470
Integer overflow in the ndn_parse_sequence function in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact via vectors involving the typ and vallen variables.
CVSS Score
9.8
EPSS Score
0.004
Published
2018-02-07
CVE-2017-12471
The cnb_parse_lev function in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact by leveraging failure to check for out-of-bounds conditions, which triggers an invalid read in the hexdump function.
CVSS Score
9.8
EPSS Score
0.004
Published
2018-02-07
CVE-2018-6480
A type confusion issue was discovered in CCN-lite 2, leading to a memory access violation and a failure of the nonce feature (which, for example, helped with loop prevention). ccnl_fwd_handleInterest assumes that the union member s is of type ccnl_pktdetail_ndntlv_s. However, if the type is in fact struct ccnl_pktdetail_ccntlv_s or struct ccnl_pktdetail_iottlv_s, the memory at that point is either uninitialised or points to data that is not a nonce, which renders the code using the local variable nonce pointless. A later nonce check is insufficient.
CVSS Score
8.8
EPSS Score
0.004
Published
2018-01-31


Products
Pricing
Contact Us

Shodan ® - All rights reserved