Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In nDPI through 3.2 Stable, the SSH protocol dissector has multiple KEXINIT integer overflows that result in a controlled remote heap overflow in concat_hash_string in ssh.c. Due to the granular nature of the overflow primitive and the ability to control both the contents and layout of the nDPI library's heap memory through remote input, this vulnerability may be abused to achieve full Remote Code Execution against any network inspection stack that is linked against nDPI and uses it to perform network traffic analysis.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Ntop nDPI 输入验证错误漏洞
Vulnerability Description
Ntop nDPI是意大利Ntop公司的一款用于深度数据包检查的开源库。 Ntop nDPI 3.2 Stable及之前版本中SSH协议解析器存在输入验证错误漏洞。攻击者可利用该漏洞执行代码或进行网络流量分析。
CVSS Information
N/A
Vulnerability Type
N/A