CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12472
https://notcve.org/view.php?id=CVE-2017-12472
07 Feb 2018 — ccnl-ext-mgmt.c in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact by leveraging missing NULL pointer checks after ccnl_malloc. ccnl-ext-mgmt.c en CCN-lite, en versiones anteriores a la 2.00, permite que atacantes dependientes del contexto provoquen un impacto sin especificar aprovechando la falta de comprobaciones de puntero NULL tras ccnl_malloc. • https://github.com/cn-uofbasel/ccn-lite/issues/138 • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12468
https://notcve.org/view.php?id=CVE-2017-12468
07 Feb 2018 — Buffer overflow in ccn-lite-ccnb2xml.c in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact via vectors involving the vallen and len variables. Desbordamiento de búfer en ccn-lite-ccnb2xml.c en CCN-lite, en versiones anteriores a la 2.00, permite que atacantes dependientes del contexto provoquen un impacto sin especificar mediante vectores relacionados con las variables vallen y len. • https://github.com/cn-uofbasel/ccn-lite/issues/134 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12412
https://notcve.org/view.php?id=CVE-2017-12412
07 Feb 2018 — ccn-lite-ccnb2xml in CCN-lite before 2.0.0 allows context-dependent attackers to have unspecified impact via a crafted file, which triggers infinite recursion and a stack overflow. ccn-lite-ccnb2xml en CCN-lite, en versiones anteriores a la 2.0.0, permite que atacantes dependientes del contexto provoquen un impacto sin especificar mediante un archivo manipulado, lo que desencadena una recursión infinita y un desbordamiento de pila. • https://github.com/cn-uofbasel/ccn-lite/issues/128 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12465
https://notcve.org/view.php?id=CVE-2017-12465
07 Feb 2018 — Multiple integer overflows in CCN-lite before 2.00 allow context-dependent attackers to have unspecified impact via vectors involving the (1) vallen variable in the iottlv_parse_sequence function or (2) typ, vallen and i variables in the localrpc_parse function. Múltiples desbordamientos de enteros en CCN-lite, en versiones anteriores a la 2.00, permiten que atacantes dependientes del contexto provoquen un impacto sin especificar mediante vectores relacionados con (1) la variable vallen en la función iottlv... • https://github.com/cn-uofbasel/ccn-lite/issues/131 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12473
https://notcve.org/view.php?id=CVE-2017-12473
07 Feb 2018 — ccnl_ccntlv_bytes2pkt in CCN-lite allows context-dependent attackers to cause a denial of service (application crash) via vectors involving packets with "wrong L values." ccnl_ccntlv_bytes2pkt en CCN-lite permite que atacantes dependientes del contexto provoquen una denegación de servicio (cierre inesperado de la aplicación) mediante vectores relacionados con paquetes con "valores L incorrectos". • https://github.com/cn-uofbasel/ccn-lite/issues/139 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12469
https://notcve.org/view.php?id=CVE-2017-12469
07 Feb 2018 — Buffer overflow in util/ccnl-common.c in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact by leveraging incorrect memory allocation. Desbordamiento de búfer en util/ccnl-common.c en CCN-lite, en versiones anteriores a la 2.00, permite que atacantes dependientes del contexto provoquen un impacto sin especificar aprovechando la asignación de memoria incorrecta.Desbordamiento de búfer en util/ccnl-common.c en CCN-lite, en versiones anteriores a la 2.00, permite que atacantes d... • https://github.com/cn-uofbasel/ccn-lite/issues/135 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6480
https://notcve.org/view.php?id=CVE-2018-6480
31 Jan 2018 — A type confusion issue was discovered in CCN-lite 2, leading to a memory access violation and a failure of the nonce feature (which, for example, helped with loop prevention). ccnl_fwd_handleInterest assumes that the union member s is of type ccnl_pktdetail_ndntlv_s. However, if the type is in fact struct ccnl_pktdetail_ccntlv_s or struct ccnl_pktdetail_iottlv_s, the memory at that point is either uninitialised or points to data that is not a nonce, which renders the code using the local variable nonce poin... • https://github.com/cn-uofbasel/ccn-lite/issues/159 • CWE-704: Incorrect Type Conversion or Cast •