CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-12889
https://notcve.org/view.php?id=CVE-2018-12889
26 Jun 2018 — An issue was discovered in CCN-lite 2.0.1. There is a heap-based buffer overflow in mkAddToRelayCacheRequest and in ccnl_populate_cache for an array lacking '\0' termination when reading a binary CCNx or NDN file. This can result in Heap Corruption. This was addressed by fixing the memory management in mkAddToRelayCacheRequest in ccn-lite-ctrl.c. Se ha descubierto un problema en CCN-lite 2.0.1. • https://github.com/cn-uofbasel/ccn-lite/issues/279 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7039
https://notcve.org/view.php?id=CVE-2018-7039
14 Feb 2018 — CCN-lite 2.0.0 Beta allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact because the ccnl_ndntlv_prependBlob function in ccnl-pkt-ndntlv.c can be called with wrong arguments. Specifically, there is an incorrect integer data type causing a negative third argument in some cases of crafted TLV data with inconsistent length information. CCN-lite 2.0.0 Beta permite que atacantes remotos provoquen una denegación de servicio (desbordamiento de búfer) u ot... • https://github.com/cn-uofbasel/ccn-lite/issues/191 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6953
https://notcve.org/view.php?id=CVE-2018-6953
13 Feb 2018 — In CCN-lite 2, the Parser of NDNTLV does not verify whether a certain component's length field matches the actual component length, which has a resultant buffer overflow and out-of-bounds memory accesses. En CCN-lite 2, el analizador de NDNTLV no verifica si el campo length un componente determinado coincide con su longitud real, lo que resulta en un desbordamiento de búfer y accesos a la memoria fuera de límites. • https://github.com/cn-uofbasel/ccn-lite/issues/195 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6948
https://notcve.org/view.php?id=CVE-2018-6948
13 Feb 2018 — In CCN-lite 2, the function ccnl_prefix_to_str_detailed can cause a buffer overflow, when writing a prefix to the buffer buf. The maximal size of the prefix is CCNL_MAX_PREFIX_SIZE; the buffer has the size CCNL_MAX_PREFIX_SIZE. However, when NFN is enabled, additional characters are written to the buffer (e.g., the "NFN" and "R2C" tags). Therefore, sending an NFN-R2C packet with a prefix of size CCNL_MAX_PREFIX_SIZE can cause an overflow of buf inside ccnl_prefix_to_str_detailed. En CCN-lite 2, la función c... • https://github.com/cn-uofbasel/ccn-lite/issues/193 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12463
https://notcve.org/view.php?id=CVE-2017-12463
07 Feb 2018 — Memory leak in the ccnl_app_RX function in ccnl-uapi.c in CCN-lite before 2.00 allows context-dependent attackers to cause a denial of service (memory consumption) via vectors involving an envelope_s structure pointer when the packet format is unknown. Fuga de memoria en la función ccnl_app_RX en ccnl-uapi.c en CCN-lite, en versiones anteriores a la 2.00, permite que atacantes dependientes del contexto provoquen una denegación de servicio (consumo de memoria) mediante vectores relacionados con un puntero de... • https://github.com/cn-uofbasel/ccn-lite/issues/129 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12470
https://notcve.org/view.php?id=CVE-2017-12470
07 Feb 2018 — Integer overflow in the ndn_parse_sequence function in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact via vectors involving the typ and vallen variables. Desbordamiento de enteros en la función ndn_parse_sequence en CCN-lite, en versiones anteriores a la 2.00, permite que atacantes dependientes del contexto provoquen un impacto sin especificar mediante vectores relacionados con las variables typ y vallen. • https://github.com/cn-uofbasel/ccn-lite/issues/136 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12466
https://notcve.org/view.php?id=CVE-2017-12466
07 Feb 2018 — CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact via vectors related to ssl_halen when running ccn-lite-sim, which trigger an out-of-bounds access. CCN-lite, en versiones anteriores a la 2.00, permite que atacantes dependientes del contexto tengan un impacto sin especificar mediante vectores relacionados con ssl_halen al ejecutar ccn-lite-sim, lo que desencadena un acceso fuera de límites. • https://github.com/cn-uofbasel/ccn-lite/issues/132 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12471
https://notcve.org/view.php?id=CVE-2017-12471
07 Feb 2018 — The cnb_parse_lev function in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact by leveraging failure to check for out-of-bounds conditions, which triggers an invalid read in the hexdump function. La función cnb_parse_lev en CCN-lite, en versiones anteriores a la 2.00, permite que atacantes dependientes del contexto provoquen un impacto sin especificar aprovechando el error a la hora de comprobar condiciones fuera de límites, lo que desencadena una lectura inválida en la fun... • https://github.com/cn-uofbasel/ccn-lite/issues/137 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12467
https://notcve.org/view.php?id=CVE-2017-12467
07 Feb 2018 — Memory leak in CCN-lite before 2.00 allows context-dependent attackers to cause a denial of service (memory consumption) by leveraging failure to allocate memory for the comp or complen structure member. Fuga de memoria en CCN-lite, en versiones anteriores a la 2.00, permite que atacantes dependientes del contexto provoquen una denegación de servicio (consumo de memoria) aprovechando un error a la hora de asignar memoria en el miembro de estructura comp o complen. • https://github.com/cn-uofbasel/ccn-lite/issues/133 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12464
https://notcve.org/view.php?id=CVE-2017-12464
07 Feb 2018 — ccn-lite-valid.c in CCN-lite before 2.00 allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via vectors involving the keyfile variable. ccn-lite-valid.c en CCN-lite, en versiones anteriores a la 2.00, permite que atacantes dependientes del contexto provoquen una denegación de servicio (desreferencia de puntero NULL) mediante vectores relacionados con la variable keyfile. • https://github.com/cn-uofbasel/ccn-lite/issues/130 • CWE-476: NULL Pointer Dereference •