Vulnerability Description
In nDPI through 3.2 Stable, the SSH protocol dissector has multiple KEXINIT integer overflows that result in a controlled remote heap overflow in concat_hash_string in ssh.c. Due to the granular nature of the overflow primitive and the ability to control both the contents and layout of the nDPI library's heap memory through remote input, this vulnerability may be abused to achieve full Remote Code Execution against any network inspection stack that is linked against nDPI and uses it to perform network traffic analysis.
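The description above is a length-field problem: KEXINIT carries ten uint32-length-prefixed name-lists, and if those lengths are added into offsets or allocation sizes before being checked, the sum can wrap and the later copy writes past the heap buffer. The parser below is an added example (not nDPI's code and not the fix in the referenced commit) showing how a dissector can consume those fields safely; the constructed payloads, the `';'` separator and all function names are assumptions of this example.

```c
#include <stdint.h>
#include <string.h>

/* Added illustration, not nDPI's code: join the name-lists of an SSH KEXINIT
 * body (RFC 4253: 16-byte cookie, then ten uint32-length-prefixed lists) with
 * ';' into a caller buffer, checking each length before it is used. */
#define KEXINIT_COOKIE_LEN 16
#define KEXINIT_NAME_LISTS 10
static uint32_t rd_u32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* payload starts just after the SSH_MSG_KEXINIT byte. Returns bytes written
 * (excluding the NUL), or -1 if any length field is inconsistent. */
int concat_kexinit_namelists(const uint8_t *payload, size_t payload_len,
                             char *out, size_t out_len) {
    size_t off = KEXINIT_COOKIE_LEN, used = 0;
    if (out_len == 0 || payload_len < off) return -1;
    for (int i = 0; i < KEXINIT_NAME_LISTS; i++) {
        /* Compare against the space left rather than computing off + len or
         * used + len: the subtraction cannot wrap, the additions could. */
        if (payload_len - off < 4) return -1;
        uint32_t len = rd_u32(payload + off);
        off += 4;
        if (len > payload_len - off) return -1;   /* claims more than we hold */
        if (len > out_len - used - 1) return -1;  /* no room for data + NUL */
        memcpy(out + used, payload + off, len);
        used += len; off += len;
        if (i + 1 < KEXINIT_NAME_LISTS) {
            if (out_len - used < 2) return -1;    /* room for ';' + NUL */
            out[used++] = ';';
        }
    }
    out[used] = '\0';
    return (int)used;
}
/* Constructed KEXINIT bodies: a well-formed one, and one whose first length
 * field is 0xFFFFFFFF, the kind of value an unchecked addition wraps on. */
static const uint8_t kexinit_ok[] = {
    0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
    0,0,0,17, 'c','u','r','v','e','2','5','5','1','9','-','s','h','a','2','5','6',
    0,0,0,11, 's','s','h','-','e','d','2','5','5','1','9',
    0,0,0,3, 'a','e','s', 0,0,0,3, 'a','e','s', 0,0,0,4, 'h','m','a','c',
    0,0,0,4, 'h','m','a','c', 0,0,0,4, 'n','o','n','e', 0,0,0,4, 'n','o','n','e',
    0,0,0,0, 0,0,0,0, 0, 0,0,0,0 };
static const uint8_t kexinit_bad[] = {
    0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0xff,0xff,0xff,0xff, 'c','u','r' };
static char kexinit_out[128];
```

The same remaining-space comparison applies whether the destination is a stack buffer, as here, or a heap allocation sized from the length fields, which is the case the advisory describes.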
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ntop | Ndpi | <= 3.2 |
Related Weaknesses (CWE)
References
- https://github.com/ntop/nDPI/commit/7ce478a58b4dd29a8d1e6f4e9df2f778613d9202 (Patch, Third Party Advisory)
- https://securitylab.github.com/advisories/GHSL-2020-051_052-ntop-ndpi (Exploit, Third Party Advisory)
FAQ
What is CVE-2020-11939?
CVE-2020-11939 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In nDPI through 3.2 Stable, the SSH protocol dissector has multiple KEXINIT integer overflows that result in a controlled remote heap overflow in concat_hash_string in ssh.c. Due to the granular natur...
How severe is CVE-2020-11939?
CVE-2020-11939 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-11939?
Check the references section above for vendor advisories and patch information. Affected products include: Ntop Ndpi.