CVE-2020-15471

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2020-15471
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-15471.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-15471
Downstream
Related
Published
2020-07-01T11:15:11Z
Modified
2025-10-15T12:05:07.113406Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVSS Calculator
Summary
[none]
Details

In nDPI through 3.2, the packet parsing code is vulnerable to a heap-based buffer over-read in ndpiparsepacketlineinfo in lib/ndpi_main.c.

References

Affected packages

Git / github.com/ntop/ndpi

Affected ranges

Type
GIT
Repo
https://github.com/ntop/ndpi
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
61066fb106efa6d3d95b67e47b662de208b2b622

Affected versions

1.*

1.6
1.7
1.8

Database specific

vanir_signatures

[
    {
        "id": "CVE-2020-15471-5cfc4d7e",
        "signature_type": "Function",
        "digest": {
            "length": 11488.0,
            "function_hash": "181806958158329745930157317768529371896"
        },
        "target": {
            "file": "src/lib/ndpi_main.c",
            "function": "ndpi_parse_packet_line_info"
        },
        "source": "https://github.com/ntop/ndpi/commit/61066fb106efa6d3d95b67e47b662de208b2b622",
        "signature_version": "v1",
        "deprecated": false
    },
    {
        "id": "CVE-2020-15471-badb0f9d",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "27901700851997172515899853370165295379",
                "201610050532761011261637841589280118008",
                "80379603526575391506941132032884059593",
                "50134569437380941638251642742657898652",
                "20593940236062609007268419019861085370",
                "25491125043040938689397748663962085461",
                "43300169664683112276481632117949646011",
                "116790465653325931271902848782640801654",
                "292373968204422757132337410372161935521",
                "116648488447125457786506300196923545478",
                "263346130739385710191968011865472873993",
                "296391917667486469350417773925568048146",
                "69134860993316747987146156508663424146",
                "273655233034483769817041979511093976563",
                "98989165444264782114102513971420824324",
                "26532880767996807660972715931252760801",
                "263346130739385710191968011865472873993",
                "296391917667486469350417773925568048146",
                "56886916354076258191347530811655578565",
                "254063902930968828380407248845263613753",
                "16801275324043133306943519013333034661",
                "57642197206367785818596861158905087061",
                "339276707551170325232584450257657301590",
                "141579456440240617831143291024589989128",
                "77765381044025788447971434169695599924",
                "275554343259501276519339382234585602093",
                "220103509617406826040508256826001067017",
                "131887483327079209405820967543777450402",
                "224732526485576017040445576995802432130",
                "124924552320332925981374288075858764327",
                "1237430623777699397437893196055406715"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "src/lib/ndpi_main.c"
        },
        "source": "https://github.com/ntop/ndpi/commit/61066fb106efa6d3d95b67e47b662de208b2b622",
        "signature_version": "v1",
        "deprecated": false
    }
]