Search
Total
11 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-12889 | 1 Ccn-lite | 1 Ccn-lite | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in CCN-lite 2.0.1. There is a heap-based buffer overflow in mkAddToRelayCacheRequest and in ccnl_populate_cache for an array lacking '\0' termination when reading a binary CCNx or NDN file. This can result in Heap Corruption. This was addressed by fixing the memory management in mkAddToRelayCacheRequest in ccn-lite-ctrl.c. | |||||
| CVE-2018-6948 | 1 Ccn-lite | 1 Ccn-lite | 2018-03-16 | 7.5 HIGH | 9.8 CRITICAL |
| In CCN-lite 2, the function ccnl_prefix_to_str_detailed can cause a buffer overflow, when writing a prefix to the buffer buf. The maximal size of the prefix is CCNL_MAX_PREFIX_SIZE; the buffer has the size CCNL_MAX_PREFIX_SIZE. However, when NFN is enabled, additional characters are written to the buffer (e.g., the "NFN" and "R2C" tags). Therefore, sending an NFN-R2C packet with a prefix of size CCNL_MAX_PREFIX_SIZE can cause an overflow of buf inside ccnl_prefix_to_str_detailed. | |||||
| CVE-2018-6953 | 1 Ccn-lite | 1 Ccn-lite | 2018-03-16 | 7.5 HIGH | 9.8 CRITICAL |
| In CCN-lite 2, the Parser of NDNTLV does not verify whether a certain component's length field matches the actual component length, which has a resultant buffer overflow and out-of-bounds memory accesses. | |||||
| CVE-2018-7039 | 1 Ccn-lite | 1 Ccn-lite | 2018-03-15 | 7.5 HIGH | 9.8 CRITICAL |
| CCN-lite 2.0.0 Beta allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact because the ccnl_ndntlv_prependBlob function in ccnl-pkt-ndntlv.c can be called with wrong arguments. Specifically, there is an incorrect integer data type causing a negative third argument in some cases of crafted TLV data with inconsistent length information. | |||||
| CVE-2017-12470 | 1 Ccn-lite | 1 Ccn-lite | 2018-02-23 | 7.5 HIGH | 9.8 CRITICAL |
| Integer overflow in the ndn_parse_sequence function in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact via vectors involving the typ and vallen variables. | |||||
| CVE-2017-12469 | 1 Ccn-lite | 1 Ccn-lite | 2018-02-23 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in util/ccnl-common.c in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact by leveraging incorrect memory allocation. | |||||
| CVE-2017-12468 | 1 Ccn-lite | 1 Ccn-lite | 2018-02-23 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in ccn-lite-ccnb2xml.c in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact via vectors involving the vallen and len variables. | |||||
| CVE-2017-12465 | 1 Ccn-lite | 1 Ccn-lite | 2018-02-23 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple integer overflows in CCN-lite before 2.00 allow context-dependent attackers to have unspecified impact via vectors involving the (1) vallen variable in the iottlv_parse_sequence function or (2) typ, vallen and i variables in the localrpc_parse function. | |||||
| CVE-2017-12466 | 1 Ccn-lite | 1 Ccn-lite | 2018-02-23 | 7.5 HIGH | 9.8 CRITICAL |
| CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact via vectors related to ssl_halen when running ccn-lite-sim, which trigger an out-of-bounds access. | |||||
| CVE-2017-12472 | 1 Ccn-lite | 1 Ccn-lite | 2018-02-22 | 7.5 HIGH | 9.8 CRITICAL |
| ccnl-ext-mgmt.c in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact by leveraging missing NULL pointer checks after ccnl_malloc. | |||||
| CVE-2017-12471 | 1 Ccn-lite | 1 Ccn-lite | 2018-02-22 | 7.5 HIGH | 9.8 CRITICAL |
| The cnb_parse_lev function in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact by leveraging failure to check for out-of-bounds conditions, which triggers an invalid read in the hexdump function. | |||||