OSV-2024-293

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ndpi/OSV-2024-293.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2024-293

Published

2024-04-24T00:02:46.009671Z

Modified

2024-04-24T00:02:46.010298Z

Summary

Stack-buffer-overflow in shoco_decompress

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=68211

Crash type: Stack-buffer-overflow READ 1
Crash state:
shoco_decompress
fuzz_alg_shoco.cpp

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=68211

Affected packages

OSS-Fuzz / ndpi

Package

Name: ndpi
Purl: pkg:generic/ndpi

Affected ranges

Type: GIT
Repo: https://github.com/ntop/nDPI.git
Events: Introduced

ef891834699db2b0ed16e32fc2d352e8a8419945

Fixed

a62679952c4fe51fead86f38c76eee8fbdd1f694

Ecosystem specific

{
    "severity": "MEDIUM"
}

Database specific

{
    "introduced_range": "905120588bf2a1bb56b280d9accd89e7265b8364:246e972f9c1bf2780c348ae43030119ad417c153",
    "fixed_range": "f494bdd653fcac1bd428bbf39eafd138f6f53d2a:a62679952c4fe51fead86f38c76eee8fbdd1f694"
}