CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-12889
https://notcve.org/view.php?id=CVE-2018-12889
An issue was discovered in CCN-lite 2.0.1. There is a heap-based buffer overflow in mkAddToRelayCacheRequest and in ccnl_populate_cache for an array lacking '\0' termination when reading a binary CCNx or NDN file. This can result in Heap Corruption. This was addressed by fixing the memory management in mkAddToRelayCacheRequest in ccn-lite-ctrl.c. Se ha descubierto un problema en CCN-lite 2.0.1. • https://github.com/cn-uofbasel/ccn-lite/issues/279 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7039
https://notcve.org/view.php?id=CVE-2018-7039
CCN-lite 2.0.0 Beta allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact because the ccnl_ndntlv_prependBlob function in ccnl-pkt-ndntlv.c can be called with wrong arguments. Specifically, there is an incorrect integer data type causing a negative third argument in some cases of crafted TLV data with inconsistent length information. CCN-lite 2.0.0 Beta permite que atacantes remotos provoquen una denegación de servicio (desbordamiento de búfer) u otro tipo de impacto sin especificar debido a que la función ccnl_ndntlv_prependBlob en ccnl-pkt-ndntlv.c se puede llamar con argumentos incorrectos. Específicamente, existe un tipo de datos de enteros incorrecto que resulta en un tercer argumento incorrecto, en algunos casos de datos TLV manipulados, con información de longitud inconsistente. • https://github.com/cn-uofbasel/ccn-lite/issues/191 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6953
https://notcve.org/view.php?id=CVE-2018-6953
In CCN-lite 2, the Parser of NDNTLV does not verify whether a certain component's length field matches the actual component length, which has a resultant buffer overflow and out-of-bounds memory accesses. En CCN-lite 2, el analizador de NDNTLV no verifica si el campo length un componente determinado coincide con su longitud real, lo que resulta en un desbordamiento de búfer y accesos a la memoria fuera de límites. • https://github.com/cn-uofbasel/ccn-lite/issues/195 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6948
https://notcve.org/view.php?id=CVE-2018-6948
In CCN-lite 2, the function ccnl_prefix_to_str_detailed can cause a buffer overflow, when writing a prefix to the buffer buf. The maximal size of the prefix is CCNL_MAX_PREFIX_SIZE; the buffer has the size CCNL_MAX_PREFIX_SIZE. However, when NFN is enabled, additional characters are written to the buffer (e.g., the "NFN" and "R2C" tags). Therefore, sending an NFN-R2C packet with a prefix of size CCNL_MAX_PREFIX_SIZE can cause an overflow of buf inside ccnl_prefix_to_str_detailed. En CCN-lite 2, la función ccnl_prefix_to_str_detailed puede provocar un desbordamiento de búfer al escribir un prefijo en el búfer buf. • https://github.com/cn-uofbasel/ccn-lite/issues/193 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12470
https://notcve.org/view.php?id=CVE-2017-12470
Integer overflow in the ndn_parse_sequence function in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact via vectors involving the typ and vallen variables. Desbordamiento de enteros en la función ndn_parse_sequence en CCN-lite, en versiones anteriores a la 2.00, permite que atacantes dependientes del contexto provoquen un impacto sin especificar mediante vectores relacionados con las variables typ y vallen. • https://github.com/cn-uofbasel/ccn-lite/issues/136 • CWE-190: Integer Overflow or Wraparound •