Ndpi

ndpi

Vendor: Ntop • 10 CVEs

CVEs (10)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-25066 1Ntop 1Ndpi Oct 2, 2025 Feb 3, 2025 N/A· v4 8.4 HIGH· v3 N/A· v2 nDPI through 4.12 has a potential stack-based buffer overflow in ndpi_address_cache_restore in lib/ndpi_cache.c.
CVE-2021-36082 1Ntop 1Ndpi Nov 21, 2024 Jul 1, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 ntop nDPI 3.4 has a stack-based buffer overflow in processClientServerHello.
CVE-2020-15476 2Debian Ntop 2Debian Linux Ndpi Nov 21, 2024 Jul 1, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In nDPI through 3.2, the Oracle protocol dissector has a heap-based buffer over-read in ndpi_search_oracle in lib/protocols/oracle.c.
CVE-2020-15475 1Ntop 1Ndpi Nov 21, 2024 Jul 1, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In nDPI through 3.2, ndpi_reset_packet_line_info in lib/ndpi_main.c omits certain reinitialization, leading to a use-after-free.
CVE-2020-15474 1Ntop 1Ndpi Nov 21, 2024 Jul 1, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In nDPI through 3.2, there is a stack overflow in extractRDNSequence in lib/protocols/tls.c.
CVE-2020-15473 1Ntop 1Ndpi Jan 26, 2026 Jul 1, 2020 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 In nDPI through 3.2, the OpenVPN dissector is vulnerable to a heap-based buffer over-read in ndpi_search_openvpn in lib/protocols/openvpn.c.
CVE-2020-15472 2Debian Ntop 2Debian Linux Ndpi Nov 21, 2024 Jul 1, 2020 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 In nDPI through 3.2, the H.323 dissector is vulnerable to a heap-based buffer over-read in ndpi_search_h323 in lib/protocols/h323.c, as demonstrated by a payload packet length that is too short.
CVE-2020-15471 1Ntop 1Ndpi Jan 26, 2026 Jul 1, 2020 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 In nDPI through 3.2, the packet parsing code is vulnerable to a heap-based buffer over-read in ndpi_parse_packet_line_info in lib/ndpi_main.c.
CVE-2020-11940 1Ntop 1Ndpi Nov 21, 2024 Apr 23, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In nDPI through 3.2 Stable, an out-of-bounds read in concat_hash_string in ssh.c can be exploited by a network-positioned attacker that can send malformed SSH protocol messages on a network segment monitored by nDPI's li...Show more In nDPI through 3.2 Stable, an out-of-bounds read in concat_hash_string in ssh.c can be exploited by a network-positioned attacker that can send malformed SSH protocol messages on a network segment monitored by nDPI's library.Show less
CVE-2020-11939 1Ntop 1Ndpi Nov 21, 2024 Apr 23, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In nDPI through 3.2 Stable, the SSH protocol dissector has multiple KEXINIT integer overflows that result in a controlled remote heap overflow in concat_hash_string in ssh.c. Due to the granular nature of the overflow pr...Show more In nDPI through 3.2 Stable, the SSH protocol dissector has multiple KEXINIT integer overflows that result in a controlled remote heap overflow in concat_hash_string in ssh.c. Due to the granular nature of the overflow primitive and the ability to control both the contents and layout of the nDPI library's heap memory through remote input, this vulnerability may be abused to achieve full Remote Code Execution against any network inspection stack that is linked against nDPI and uses it to perform network traffic analysis.Show less