In nDPI through 3.2 Stable, the SSH protocol dissector has multiple KEXINIT integer overflows that result in a controlled remote heap overflow in concathashstring in ssh.c. Due to the granular nature of the overflow primitive and the ability to control both the contents and layout of the nDPI library's heap memory through remote input, this vulnerability may be abused to achieve full Remote Code Execution against any network inspection stack that is linked against nDPI and uses it to perform network traffic analysis.
{
"cpe": "cpe:2.3:a:ntop:ndpi:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "3.2"
}
],
"source": [
"CPE_RANGE",
"REFERENCES"
]
}[
{
"source": "https://github.com/ntop/ndpi/commit/7ce478a58b4dd29a8d1e6f4e9df2f778613d9202",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"90098555392621792655444497843304198377",
"248088919110891696402383954492473434854",
"103205715107850172623242300030265280107",
"106931574814506455094342183445124275976",
"256223543501167444157102483769890330241",
"36730755761917650802390084511422679341",
"186998852720266838799523855363183783887",
"185335030166029547406247007661411730390",
"226757989763120151439488222310783251886",
"306971311188099745823684004607826649980",
"311468897869830441894343710491978672644",
"250885279769554835181950345265473491468",
"303145487143888301726310878257127237580",
"49179849989099264623126266977899134858",
"196751063030876352374082677123802447793",
"80454884451883005323606728084617810275",
"74250334664598201673095961881215789230",
"230351351768418757198115691252772704413",
"199771834766053173464310199541677224437",
"62589407157362015951869353400318022483",
"20941458010234872475888698619707263428",
"57272967599891703381530692916475999999",
"121441051357440296551195743271757813125",
"21469495011726260511774075317546701077",
"177197553529436440170169005138441807140",
"303145487143888301726310878257127237580",
"49179849989099264623126266977899134858",
"196751063030876352374082677123802447793",
"80454884451883005323606728084617810275",
"74250334664598201673095961881215789230",
"230351351768418757198115691252772704413",
"199771834766053173464310199541677224437",
"62589407157362015951869353400318022483",
"20941458010234872475888698619707263428",
"226757989763120151439488222310783251886",
"306971311188099745823684004607826649980",
"311468897869830441894343710491978672644",
"250885279769554835181950345265473491468",
"303145487143888301726310878257127237580",
"49179849989099264623126266977899134858",
"196751063030876352374082677123802447793",
"80454884451883005323606728084617810275",
"74250334664598201673095961881215789230",
"230351351768418757198115691252772704413",
"199771834766053173464310199541677224437",
"62589407157362015951869353400318022483",
"20941458010234872475888698619707263428",
"57272967599891703381530692916475999999",
"121441051357440296551195743271757813125",
"21469495011726260511774075317546701077",
"177197553529436440170169005138441807140",
"303145487143888301726310878257127237580",
"49179849989099264623126266977899134858",
"196751063030876352374082677123802447793",
"80454884451883005323606728084617810275",
"74250334664598201673095961881215789230",
"230351351768418757198115691252772704413",
"199771834766053173464310199541677224437",
"62589407157362015951869353400318022483",
"20941458010234872475888698619707263428",
"226757989763120151439488222310783251886",
"306971311188099745823684004607826649980",
"311468897869830441894343710491978672644",
"250885279769554835181950345265473491468",
"303145487143888301726310878257127237580",
"49179849989099264623126266977899134858",
"39528483705297221797883597212464487118",
"279887832145773530318018006419191556265",
"27337239312858035367681845572483571849",
"199771834766053173464310199541677224437",
"62589407157362015951869353400318022483",
"20941458010234872475888698619707263428",
"57272967599891703381530692916475999999",
"121441051357440296551195743271757813125",
"21469495011726260511774075317546701077",
"177197553529436440170169005138441807140",
"303145487143888301726310878257127237580",
"49179849989099264623126266977899134858",
"39528483705297221797883597212464487118",
"279887832145773530318018006419191556265",
"27337239312858035367681845572483571849",
"129613934731430132222472386221150942694",
"85718418905613519250742540026416103130",
"280420456888903253897954805707563812709"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2020-11939-76b3bb79",
"target": {
"file": "src/lib/protocols/ssh.c"
}
},
{
"source": "https://github.com/ntop/ndpi/commit/7ce478a58b4dd29a8d1e6f4e9df2f778613d9202",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "321790383128337468983970469050623318505",
"length": 3519.0
},
"deprecated": false,
"id": "CVE-2020-11939-d3e84ed3",
"target": {
"function": "concat_hash_string",
"file": "src/lib/protocols/ssh.c"
}
}
]
"2026-07-08T22:14:21Z"
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-11939.json"