Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Ccn-lite Subscribe
Filtered by product Ccn-lite

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-12412 1 Ccn-lite 1 Ccn-lite 2019-10-03 6.8 MEDIUM 7.8 HIGH
ccn-lite-ccnb2xml in CCN-lite before 2.0.0 allows context-dependent attackers to have unspecified impact via a crafted file, which triggers infinite recursion and a stack overflow.
CVE-2017-12463 1 Ccn-lite 1 Ccn-lite 2019-10-03 5.0 MEDIUM 7.5 HIGH
Memory leak in the ccnl_app_RX function in ccnl-uapi.c in CCN-lite before 2.00 allows context-dependent attackers to cause a denial of service (memory consumption) via vectors involving an envelope_s structure pointer when the packet format is unknown.
CVE-2017-12467 1 Ccn-lite 1 Ccn-lite 2019-10-03 5.0 MEDIUM 7.5 HIGH
Memory leak in CCN-lite before 2.00 allows context-dependent attackers to cause a denial of service (memory consumption) by leveraging failure to allocate memory for the comp or complen structure member.
CVE-2017-12473 1 Ccn-lite 1 Ccn-lite 2018-02-22 5.0 MEDIUM 7.5 HIGH
ccnl_ccntlv_bytes2pkt in CCN-lite allows context-dependent attackers to cause a denial of service (application crash) via vectors involving packets with "wrong L values."
CVE-2017-12464 1 Ccn-lite 1 Ccn-lite 2018-02-22 5.0 MEDIUM 7.5 HIGH
ccn-lite-valid.c in CCN-lite before 2.00 allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via vectors involving the keyfile variable.
CVE-2018-6480 1 Ccn-lite 1 Ccn-lite 2018-02-21 6.8 MEDIUM 8.8 HIGH
A type confusion issue was discovered in CCN-lite 2, leading to a memory access violation and a failure of the nonce feature (which, for example, helped with loop prevention). ccnl_fwd_handleInterest assumes that the union member s is of type ccnl_pktdetail_ndntlv_s. However, if the type is in fact struct ccnl_pktdetail_ccntlv_s or struct ccnl_pktdetail_iottlv_s, the memory at that point is either uninitialised or points to data that is not a nonce, which renders the code using the local variable nonce pointless. A later nonce check is insufficient.