CVE-2018-6480

Name of the Vulnerable Software and Affected Versions CCN-lite version 2

Description A type confusion issue was discovered, leading to a memory access violation and a failure of the nonce feature, which is used for loop prevention. The ccnl fwd handleInterest function assumes a specific type for the union member s, but if the type is different, the memory is either uninitialised or points to incorrect data, rendering the nonce check insufficient.

Recommendations For CCN-lite version 2, consider modifying the ccnl fwd handleInterest function to correctly handle different types for the union member s, ensuring that the memory access is valid and the nonce feature functions as intended.