Heap-based Buffer Over-read in nDPI OpenVPN Dissector
CVE-2020-15473

9.1CRITICAL

Key Information:

Vendor: Ntop
Status: Ndpi
Vendor: CVE Published:; 1 July 2020

What is CVE-2020-15473?

In nDPI versions up to 3.2, a vulnerability exists in the OpenVPN dissector that allows for a heap-based buffer over-read. This occurs in the ndpi_search_openvpn function located in lib/protocols/openvpn.c. Exploiting this vulnerability can lead to unauthorized access and potential disclosure of sensitive information, emphasizing the importance of updating to secure versions to mitigate risks.

References

https://github.com/ntop/nDPI/commit/8e7b1ea7a136cc4e4aa98...

https://github.com/fuzzing2026/CVE-PoCs/tree/main/ndpi-CV...

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 1, 2020
Vulnerability Reserved
Jul 1, 2020

CVE-2020-15473 Data

JSON

Ntop

What is CVE-2020-15473?

References

CVSS V3.1

Timeline