In nDPI through 3.2, the H.323 dissector is vulnerable to a heap-based buffer over-read in ndpi_search_h323 in lib/protocols/h323.c, as demonstrated by a payload packet length that is too short.
[
{
"digest": {
"line_hashes": [
"37158175496369557638661188348822373976",
"272624026154926481789464888923245734527",
"128483779748111000959621208148968385399",
"191203462040903637991255525166519043278",
"202137246577764407674332606051881522823",
"254581157989444017823825208114608967594",
"220552098850189103773486000282418709339",
"165523891977900981464278864081148233894",
"288065428000065310550098815522435843083",
"148286308794082704992720175692448102013",
"242158858712497459091146561446991098121",
"109788843581893408060902643379445504426",
"78347523760979884149620970830269976740",
"233305530776956303714549047494037759136",
"191898092074880987703702359714668383457",
"61243521551237482942836149853970086605",
"218822097484724381970675483307378815469",
"319047683415771416144204377688333169592",
"6050888054976502034085867643330302894",
"176698984432968540960594340912258082203",
"216811963159498958830359283333183499404",
"137864543043595842919580941327615706978",
"191320365427541717139521414971936490443",
"269697712918796504699661200759818370187",
"322999005938936772240457139788296425190",
"180711454304228101903343420551425003852",
"264226937030061930829593809046614683063",
"309470068309191534056358958172111713075",
"144449224514945957962137010936604765161",
"45964088552453602791853689467469516960",
"84815553310013667135339121934126060130",
"190513061752796812475233563543719664773",
"39372483252266719667520672835494869807",
"246317550475750345496691228926941204322",
"292467771262168747562200280333241625359",
"96532551231204530540335610046191245485",
"104234233993223039017107184641776461048",
"190513061752796812475233563543719664773",
"39372483252266719667520672835494869807",
"203714922098940276229728414483944633085",
"325463742767767808010533993873195329843",
"87218094603477226179990258826451260922",
"124322142682969937251086067914070324991",
"6796867668290565658714049661429201073",
"137864543043595842919580941327615706978",
"293949540968280903538352693917672011553",
"108587633537507210242609878158511307392",
"262905219823433313025615255739858019406",
"202601793893477208560748496062216300356"
],
"threshold": 0.9
},
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2020-15472-34b066df",
"target": {
"file": "src/lib/protocols/h323.c"
},
"source": "https://github.com/ntop/ndpi/commit/b7e666e465f138ae48ab81976726e67deed12701"
},
{
"digest": {
"function_hash": "297176701936531315293082439302767489781",
"length": 12756.0
},
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2020-15472-4adda645",
"target": {
"file": "example/ndpiReader.c",
"function": "printFlow"
},
"source": "https://github.com/ntop/ndpi/commit/b7e666e465f138ae48ab81976726e67deed12701"
},
{
"digest": {
"line_hashes": [
"32432617805752391356402397108210527075",
"49863619554363700977400378494479937552",
"236987109859104909434797321262381738744",
"45511070358067980906116535964497872817",
"191526781884219010682963255839179645637",
"120474216325503234291030394300257413031",
"222229711533603120877018718470369066978",
"190616763307957142858227493423005315430",
"112595345085334078359538712828315552581"
],
"threshold": 0.9
},
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2020-15472-610d54ee",
"target": {
"file": "example/ndpiReader.c"
},
"source": "https://github.com/ntop/ndpi/commit/b7e666e465f138ae48ab81976726e67deed12701"
},
{
"digest": {
"function_hash": "216257714192309902481608048956996799368",
"length": 2181.0
},
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2020-15472-a9da8f02",
"target": {
"file": "src/lib/protocols/h323.c",
"function": "ndpi_search_h323"
},
"source": "https://github.com/ntop/ndpi/commit/b7e666e465f138ae48ab81976726e67deed12701"
}
]