Bug 1173597 (CVE-2020-15472)

Summary:	VUL-0: CVE-2020-15471,CVE-2020-15472,CVE-2020-15473,CVE-2020-15474,CVE-2020-15475,CVE-2020-15476: ndpi: multiple memory safety issues
Product:	[openSUSE] openSUSE Distribution	Reporter:	Wolfgang Frisch <wolfgang.frisch>
Component:	Security	Assignee:	Martin Hauke <mardnh>
Status:	NEW ---	QA Contact:	Security Team bot <security-team>
Severity:	Major
Priority:	P2 - High	CC:	atoptsoglou
Version:	Leap 15.2
Target Milestone:	---
Hardware:	Other
OS:	Other
URL:	https://smash.suse.de/issue/262669/
Whiteboard:
Found By:	Security Response Team	Services Priority:
Business Priority:		Blocker:	---
Marketing QA Status:	---	IT Deployment:	---

Description Wolfgang Frisch 2020-07-01 15:34:34 UTC

CVE-2020-15471

In nDPI through 3.2, the packet parsing code is vulnerable to a heap-based
buffer over-read in ndpi_parse_packet_line_info in lib/ndpi_main.c.

CVE-2020-15472

In nDPI through 3.2, there is a stack overflow in extractRDNSequence in
lib/protocols/tls.c.

CVE-2020-15473

In nDPI through 3.2, the OpenVPN dissector is vulnerable to a heap-based
buffer over-read in ndpi_search_openvpn in lib/protocols/openvpn.c.

CVE-2020-15474

In nDPI through 3.2, there is a stack overflow in extractRDNSequence in
lib/protocols/tls.c.

CVE-2020-15475

In nDPI through 3.2, ndpi_reset_packet_line_info in lib/ndpi_main.c omits
certain reinitialization, leading to a use-after-free.

CVE-2020-15476

In nDPI through 3.2, the Oracle protocol dissector has a heap-based buffer
over-read in ndpi_search_oracle in lib/protocols/oracle.c.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15471
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15472
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15473
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15474
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15475
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15476
http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15471.html
http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15472.html
http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15473.html
http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15474.html
http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15475.html
http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15476.html

Comment 1 Wolfgang Frisch 2020-07-01 15:42:21 UTC

Affected:
openSUSE:Factory
openSUSE:Leap:15.1
openSUSE:Leap:15.2

Upstream commits:
CVE-2020-15471: https://github.com/ntop/nDPI/commit/61066fb106efa6d3d95b67e47b662de208b2b622
CVE-2020-15472: https://github.com/ntop/nDPI/commit/b7e666e465f138ae48ab81976726e67deed12701
CVE-2020-15473: https://github.com/ntop/nDPI/commit/8e7b1ea7a136cc4e4aa9880072ec2d69900a825e
CVE-2020-15474: https://github.com/ntop/nDPI/commit/23594f036536468072198a57c59b6e9d63caf6ce
CVE-2020-15475: https://github.com/ntop/nDPI/commit/6a9f5e4f7c3fd5ddab3e6727b071904d76773952
CVE-2020-15476: https://github.com/ntop/nDPI/commit/b69177be2fbe01c2442239a61832c44e40136c05

Comment 2 Alexandros Toptsoglou 2021-01-28 17:14:15 UTC

Leap 15.2 and Factory are affected. Might be a good idea to upgrade both