Bug 1173597 (CVE-2020-15472)

Summary: VUL-0: CVE-2020-15471,CVE-2020-15472,CVE-2020-15473,CVE-2020-15474,CVE-2020-15475,CVE-2020-15476: ndpi: multiple memory safety issues
Product: [openSUSE] openSUSE Distribution
Reporter: Wolfgang Frisch <wolfgang.frisch>
Component: Security
Assignee: Martin Hauke <mardnh>
Status: NEW ---
QA Contact: Security Team bot <security-team>
Severity: Major
Priority: P2 - High
CC: atoptsoglou
Version: Leap 15.2
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/262669/
Whiteboard:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Wolfgang Frisch 2020-07-01 15:34:34 UTC
CVE-2020-15471

In nDPI through 3.2, the packet parsing code is vulnerable to a heap-based
buffer over-read in ndpi_parse_packet_line_info in lib/ndpi_main.c.

CVE-2020-15472

In nDPI through 3.2, there is a stack overflow in extractRDNSequence in
lib/protocols/tls.c.

CVE-2020-15473

In nDPI through 3.2, the OpenVPN dissector is vulnerable to a heap-based
buffer over-read in ndpi_search_openvpn in lib/protocols/openvpn.c.

CVE-2020-15474

In nDPI through 3.2, there is a stack overflow in extractRDNSequence in
lib/protocols/tls.c.

CVE-2020-15475

In nDPI through 3.2, ndpi_reset_packet_line_info in lib/ndpi_main.c omits
certain reinitialization, leading to a use-after-free.

CVE-2020-15476

In nDPI through 3.2, the Oracle protocol dissector has a heap-based buffer
over-read in ndpi_search_oracle in lib/protocols/oracle.c.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15471
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15472
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15473
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15474
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15475
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15476
http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15471.html
http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15472.html
http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15473.html
http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15474.html
http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15475.html
http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15476.html

Comment 2 Alexandros Toptsoglou 2021-01-28 17:14:15 UTC
Leap 15.2 and Factory are affected. Might be a good idea to upgrade both