UBUNTU-CVE-2020-11939

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2020-11939

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-11939.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2020-11939

Related

CVE-2020-11939

Published

2020-04-23T15:15:00Z

Modified

2024-10-15T14:07:26Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In nDPI through 3.2 Stable, the SSH protocol dissector has multiple KEXINIT integer overflows that result in a controlled remote heap overflow in concathashstring in ssh.c. Due to the granular nature of the overflow primitive and the ability to control both the contents and layout of the nDPI library's heap memory through remote input, this vulnerability may be abused to achieve full Remote Code Execution against any network inspection stack that is linked against nDPI and uses it to perform network traffic analysis.

References

Affected packages

Ubuntu:Pro:16.04:LTS / ndpi

Package

Name: ndpi
Purl: pkg:deb/ubuntu/ndpi?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.5.0-1

1.6-1

1.7.1~git20151130.6f3d5a7-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / ndpi

Package

Name: ndpi
Purl: pkg:deb/ubuntu/ndpi?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.8-1

2.*

2.2-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / ndpi

Package

Name: ndpi
Purl: pkg:deb/ubuntu/ndpi?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.6-4

2.6-5

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / ndpi

Package

Name: ndpi
Purl: pkg:deb/ubuntu/ndpi?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.0-4

4.2-2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / ndpi

Package

Name: ndpi
Purl: pkg:deb/ubuntu/ndpi?arch=src?distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.2-2.1build1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / ndpi

Package

Name: ndpi
Purl: pkg:deb/ubuntu/ndpi?arch=src?distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.2-2

4.2-2.1

4.2-2.1build1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}