OSV-2025-723

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/https://github.com/ntop/nDPI.git/OSV-2025-723.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2025-723
Published
2025-09-13T00:02:40.666090Z
Modified
2025-09-13T00:02:40.666412Z
Summary
Heap-buffer-overflow in processClientServerHello
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=444547710

Crash type: Heap-buffer-overflow READ 2
Crash state:
processClientServerHello
process_tls
fuzz_quic_get_crypto_data.c
References

Affected packages

OSS-Fuzz / ndpi

Package

Name
ndpi
Purl
pkg:generic/ndpi

Affected ranges

Type
GIT
Repo
https://github.com/ntop/nDPI.git
Events
Introduced
37562c655d13fa301bc7fb584e4cb9331c303ff5
Fixed
43d9caac0090fb1c5d70dd1675b021bfbeaf5524

Ecosystem specific 

{
    "severity": "HIGH"
}

Database specific 

{
    "fixed_range": "37562c655d13fa301bc7fb584e4cb9331c303ff5:43d9caac0090fb1c5d70dd1675b021bfbeaf5524"
}