cnvd - cnvd-2020-25756

CNVD-2020-25756

Vulnerability from cnvd - Published: 2020-04-29

Title

Ntop nDPI输入验证错误漏洞

Description

Ntop nDPI是意大利Ntop公司的一款用于深度数据包检查的开源库。 Ntop nDPI 3.2 Stable及之前版本中SSH协议解析器存在输入验证错误漏洞，攻击者可利用该漏洞执行代码或进行网络流量分析。

Severity

高

Patch Name

Ntop nDPI输入验证错误漏洞的补丁

Patch Description

Ntop nDPI是意大利Ntop公司的一款用于深度数据包检查的开源库。 Ntop nDPI 3.2 Stable及之前版本中SSH协议解析器存在输入验证错误漏洞，攻击者可利用该漏洞执行代码或进行网络流量分析。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://github.com/ntop/nDPI/commit/7ce478a58b4dd29a8d1e6f4e9df2f778613d9202

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-11939

Impacted products

Name
Ntop nDPI <=3.2 Stable

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-11939"
    }
  },
  "description": "Ntop nDPI\u662f\u610f\u5927\u5229Ntop\u516c\u53f8\u7684\u4e00\u6b3e\u7528\u4e8e\u6df1\u5ea6\u6570\u636e\u5305\u68c0\u67e5\u7684\u5f00\u6e90\u5e93\u3002\n\nNtop nDPI 3.2 Stable\u53ca\u4e4b\u524d\u7248\u672c\u4e2dSSH\u534f\u8bae\u89e3\u6790\u5668\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4ee3\u7801\u6216\u8fdb\u884c\u7f51\u7edc\u6d41\u91cf\u5206\u6790\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/ntop/nDPI/commit/7ce478a58b4dd29a8d1e6f4e9df2f778613d9202",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-25756",
  "openTime": "2020-04-29",
  "patchDescription": "Ntop nDPI\u662f\u610f\u5927\u5229Ntop\u516c\u53f8\u7684\u4e00\u6b3e\u7528\u4e8e\u6df1\u5ea6\u6570\u636e\u5305\u68c0\u67e5\u7684\u5f00\u6e90\u5e93\u3002\r\n\r\nNtop nDPI 3.2 Stable\u53ca\u4e4b\u524d\u7248\u672c\u4e2dSSH\u534f\u8bae\u89e3\u6790\u5668\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4ee3\u7801\u6216\u8fdb\u884c\u7f51\u7edc\u6d41\u91cf\u5206\u6790\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Ntop nDPI\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Ntop nDPI \u003c=3.2 Stable"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-11939",
  "serverity": "\u9ad8",
  "submitTime": "2020-04-24",
  "title": "Ntop nDPI\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e"
}

CVE-2020-11939 (GCVE-0-2020-11939)

Vulnerability from cvelistv5 – Published: 2020-04-23 14:18 – Updated: 2024-08-04 11:42

Summary

In nDPI through 3.2 Stable, the SSH protocol dissector has multiple KEXINIT integer overflows that result in a controlled remote heap overflow in concat_hash_string in ssh.c. Due to the granular nature of the overflow primitive and the ability to control both the contents and layout of the nDPI library's heap memory through remote input, this vulnerability may be abused to achieve full Remote Code Execution against any network inspection stack that is linked against nDPI and uses it to perform network traffic analysis.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://github.com/ntop/nDPI/commit/7ce478a58b4dd…	x_refsource_MISC
	https://securitylab.github.com/advisories/GHSL-20…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:42:00.826Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/ntop/nDPI/commit/7ce478a58b4dd29a8d1e6f4e9df2f778613d9202"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://securitylab.github.com/advisories/GHSL-2020-051_052-ntop-ndpi"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In nDPI through 3.2 Stable, the SSH protocol dissector has multiple KEXINIT integer overflows that result in a controlled remote heap overflow in concat_hash_string in ssh.c. Due to the granular nature of the overflow primitive and the ability to control both the contents and layout of the nDPI library\u0027s heap memory through remote input, this vulnerability may be abused to achieve full Remote Code Execution against any network inspection stack that is linked against nDPI and uses it to perform network traffic analysis."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-23T14:18:36",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ntop/nDPI/commit/7ce478a58b4dd29a8d1e6f4e9df2f778613d9202"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://securitylab.github.com/advisories/GHSL-2020-051_052-ntop-ndpi"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-11939",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In nDPI through 3.2 Stable, the SSH protocol dissector has multiple KEXINIT integer overflows that result in a controlled remote heap overflow in concat_hash_string in ssh.c. Due to the granular nature of the overflow primitive and the ability to control both the contents and layout of the nDPI library\u0027s heap memory through remote input, this vulnerability may be abused to achieve full Remote Code Execution against any network inspection stack that is linked against nDPI and uses it to perform network traffic analysis."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/ntop/nDPI/commit/7ce478a58b4dd29a8d1e6f4e9df2f778613d9202",
              "refsource": "MISC",
              "url": "https://github.com/ntop/nDPI/commit/7ce478a58b4dd29a8d1e6f4e9df2f778613d9202"
            },
            {
              "name": "https://securitylab.github.com/advisories/GHSL-2020-051_052-ntop-ndpi",
              "refsource": "MISC",
              "url": "https://securitylab.github.com/advisories/GHSL-2020-051_052-ntop-ndpi"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-11939",
    "datePublished": "2020-04-23T14:18:36",
    "dateReserved": "2020-04-20T00:00:00",
    "dateUpdated": "2024-08-04T11:42:00.826Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2020-25756

CVE-2020-11939 (GCVE-0-2020-11939)

Tags

Sightings

Nomenclature