CVE-2020-11939

{"id": "CVE-2020-11939", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2020-04-23T15:15:14.093", "references": [{"url": "https://github.com/ntop/nDPI/commit/7ce478a58b4dd29a8d1e6f4e9df2f778613d9202", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://securitylab.github.com/advisories/GHSL-2020-051_052-ntop-ndpi", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/ntop/nDPI/commit/7ce478a58b4dd29a8d1e6f4e9df2f778613d9202", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://securitylab.github.com/advisories/GHSL-2020-051_052-ntop-ndpi", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-190"}, {"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "In nDPI through 3.2 Stable, the SSH protocol dissector has multiple KEXINIT integer overflows that result in a controlled remote heap overflow in concat_hash_string in ssh.c. Due to the granular nature of the overflow primitive and the ability to control both the contents and layout of the nDPI library's heap memory through remote input, this vulnerability may be abused to achieve full Remote Code Execution against any network inspection stack that is linked against nDPI and uses it to perform network traffic analysis."}, {"lang": "es", "value": "En nDPI versiones hasta 3.2 Stable, el disector del protocolo SSH tiene m\u00faltiples desbordamientos de enteros KEXINIT que resultan en un desbordamiento de la pila (heap) remoto controlado en la funci\u00f3n concat_hash_string en el archivo ssh.c. Debido a la naturaleza granular de la primitiva de desbordamiento y la capacidad de controlar tanto el contenido como el dise\u00f1o de la memoria de la pila (heap) de la biblioteca de nDPI por medio de una entrada remota, se puede abusar de esta vulnerabilidad para lograr una Ejecuci\u00f3n de C\u00f3digo Remota completa contra cualquier pila de inspecci\u00f3n de red que est\u00e9 vinculada contra nDPI y lo usa para realizar an\u00e1lisis de tr\u00e1fico de red."}], "lastModified": "2024-11-21T04:58:56.630", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ntop:ndpi:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97EDB1C6-9886-4C0B-8F09-5A4C52DC5A45", "versionEndIncluding": "3.2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}