Описание
In nDPI through 3.2, the Oracle protocol dissector has a heap-based buffer over-read in ndpi_search_oracle in lib/protocols/oracle.c.
Ссылки
- ExploitPatchThird Party Advisory
- PatchThird Party Advisory
- Issue TrackingThird Party Advisory
- Mailing ListThird Party Advisory
- ExploitPatchThird Party Advisory
- PatchThird Party Advisory
- Issue TrackingThird Party Advisory
- Mailing ListThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.2 (включая)
Одновременно
cpe:2.3:a:ntop:ndpi:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
Конфигурация 2
Одно из
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
EPSS
Процентиль: 77%
0.01065
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-125
Связанные уязвимости
CVSS3: 7.5
ubuntu
больше 5 лет назад
In nDPI through 3.2, the Oracle protocol dissector has a heap-based buffer over-read in ndpi_search_oracle in lib/protocols/oracle.c.
CVSS3: 7.5
debian
больше 5 лет назад
In nDPI through 3.2, the Oracle protocol dissector has a heap-based bu ...
CVSS3: 7.5
github
больше 3 лет назад
In nDPI through 3.2, the Oracle protocol dissector has a heap-based buffer over-read in ndpi_search_oracle in lib/protocols/oracle.c.
EPSS
Процентиль: 77%
0.01065
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-125