CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7039
https://notcve.org/view.php?id=CVE-2018-7039
CCN-lite 2.0.0 Beta allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact because the ccnl_ndntlv_prependBlob function in ccnl-pkt-ndntlv.c can be called with wrong arguments. Specifically, there is an incorrect integer data type causing a negative third argument in some cases of crafted TLV data with inconsistent length information. CCN-lite 2.0.0 Beta permite que atacantes remotos provoquen una denegación de servicio (desbordamiento de búfer) u otro tipo de impacto sin especificar debido a que la función ccnl_ndntlv_prependBlob en ccnl-pkt-ndntlv.c se puede llamar con argumentos incorrectos. Específicamente, existe un tipo de datos de enteros incorrecto que resulta en un tercer argumento incorrecto, en algunos casos de datos TLV manipulados, con información de longitud inconsistente. • https://github.com/cn-uofbasel/ccn-lite/issues/191 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6953
https://notcve.org/view.php?id=CVE-2018-6953
In CCN-lite 2, the Parser of NDNTLV does not verify whether a certain component's length field matches the actual component length, which has a resultant buffer overflow and out-of-bounds memory accesses. En CCN-lite 2, el analizador de NDNTLV no verifica si el campo length un componente determinado coincide con su longitud real, lo que resulta en un desbordamiento de búfer y accesos a la memoria fuera de límites. • https://github.com/cn-uofbasel/ccn-lite/issues/195 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6948
https://notcve.org/view.php?id=CVE-2018-6948
In CCN-lite 2, the function ccnl_prefix_to_str_detailed can cause a buffer overflow, when writing a prefix to the buffer buf. The maximal size of the prefix is CCNL_MAX_PREFIX_SIZE; the buffer has the size CCNL_MAX_PREFIX_SIZE. However, when NFN is enabled, additional characters are written to the buffer (e.g., the "NFN" and "R2C" tags). Therefore, sending an NFN-R2C packet with a prefix of size CCNL_MAX_PREFIX_SIZE can cause an overflow of buf inside ccnl_prefix_to_str_detailed. En CCN-lite 2, la función ccnl_prefix_to_str_detailed puede provocar un desbordamiento de búfer al escribir un prefijo en el búfer buf. • https://github.com/cn-uofbasel/ccn-lite/issues/193 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6480
https://notcve.org/view.php?id=CVE-2018-6480
A type confusion issue was discovered in CCN-lite 2, leading to a memory access violation and a failure of the nonce feature (which, for example, helped with loop prevention). ccnl_fwd_handleInterest assumes that the union member s is of type ccnl_pktdetail_ndntlv_s. However, if the type is in fact struct ccnl_pktdetail_ccntlv_s or struct ccnl_pktdetail_iottlv_s, the memory at that point is either uninitialised or points to data that is not a nonce, which renders the code using the local variable nonce pointless. A later nonce check is insufficient. Se ha descubierto un problema de confusión de tipos en CCN-lite 2 que conduce a una violación de acceso a la memoria y un fallo de la característica nonce (que, por ejemplo, ayudaba con la prevención de bucles). ccnl_fwd_handleInterest asume que el miembro de unión s es de tipo ccnl_pktdetail_ndntlv_s. Sin embargo, si el tipo es en realidad es el struct ccnl_pktdetail_ccntlv_s o el struct ccnl_pktdetail_iottlv_s, la memoria en ese punto o no está inicializado o señala a datos que no son nonce, que representan el código empleando la variable local nonce sin punto. • https://github.com/cn-uofbasel/ccn-lite/issues/159 • CWE-704: Incorrect Type Conversion or Cast •