Bas Alberts

Researcher fromGHSL team
#10590of 53,630
26.1Total CVSS
Vulnerabilities · 3
High
2
Critical
1
PT-2021-11460
8.8
2021-02-19
Png-Img · Png-Img · CVE-2020-28248
Name of the Vulnerable Software and Affected Versions: png-img versions prior to 3.1.0 Description: The issue is caused by an integer overflow in the PngImg::InitStorage () function, leading to under-allocation of heap memory. This results in a heap-based buffer overflow when a crafted PNG file is loaded. Recommendations: For versions prior to 3.1.0, update to version 3.1.0 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the PngImg::InitStorage () function until a patch is available.
PT-2020-12935
9.8
2020-04-23
Ntop · Ndpi · CVE-2020-11939
**Name of the Vulnerable Software and Affected Versions** nDPI versions 3.2 Stable and earlier **Description** The SSH protocol dissector in nDPI has multiple KEXINIT integer overflows, resulting in a controlled remote heap overflow in `concat hash string` in `ssh.c`. This issue can be exploited to achieve full Remote Code Execution against any network inspection stack linked against nDPI that uses it for network traffic analysis. **Recommendations** For nDPI versions 3.2 Stable and earlier, consider disabling the SSH protocol dissector as a temporary workaround until a patch is available. Restrict access to the `ssh.c` module to minimize the risk of exploitation. Avoid using the `concat hash string` function in the affected SSH protocol dissector until the issue is resolved.
PT-2020-12936
7.5
2020-04-23
Ntop · Ndpi · CVE-2020-11940
**Name of the Vulnerable Software and Affected Versions** nDPI versions 3.2 Stable and earlier **Description** The issue allows a network-positioned attacker to exploit an out-of-bounds read in `concat hash string` in `ssh.c` by sending malformed SSH protocol messages on a network segment monitored by nDPI's library. **Recommendations** For nDPI versions 3.2 Stable and earlier, consider restricting access to the `ssh.c` module to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the `concat hash string` function in the affected `ssh.c` file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.